UCL  IRIS
Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at http://www.ucl.ac.uk/finance/research/post_award/post_award_contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
Economics of Identity and Access Management: Providing decision support for investments
  • Publication Type:
    Conference
  • Authors:
    Mont MC, Beresnevichiene Y, Pym D, Shiu S
  • Publication date:
    20/10/2010
  • Pagination:
    134, 141
  • Published proceedings:
    2010 IEEE/IFIP Network Operations and Management Symposium Workshops, NOMS 2010
  • ISBN-13:
    9781424460380
  • Status:
    Published
Abstract
Identity and Access Management (IAM) is a key enabler of enterprise businesses: it supports automation, security enforcement, and compliance. However, most enterprises struggle with their Identity and Access Management strategy. Discussions on IAM primarily focus at the IT operational level, rather than targeting strategic decision-makers' issues, at the business level. Organizations are experiencing an increasing number of internal and external threats and risks: there is scarcity of resources and budget to address them all. Decision-makers (e.g., CIOs, CISOs) need to prioritize their choices and motivate their requests for investments. This applies for investments in IAM vs. other possible security or business investments that could be made by the organization. In this context, a range of possible IAM investment options has an effect on multiple strategic outcomes of interest, such as assurance, agility, security, compliance, productivity, and empowerment. We have developed a repeatable approach and methodology to help organizations work through this complex problem space and determine an appropriate strategy, by providing them with decision support capabilities. The proposed approach, validated in collaboration with security and IAM experts, couples economic modelling (which explores decision-makers' preferences between the different outcomes) with system modelling and simulations to predict the consequences (likely outcomes) associated with different investment choices and map them against decision-makers' preferences, in order to identify the most suitable investment options. We illustrate how this methodology has been applied in an IAM case study, in a business-driven context with core enterprise services. This work is in progress. We discuss current results and next steps. © 2010 IEEE.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Author
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by