Daniela Pöhn, Sebastian Seeber, Tanja Hanauer, Jule Anna Ziegler, David Schmitz
{"title":"利用IdMSecMan过程框架改进身份和访问管理","authors":"Daniela Pöhn, Sebastian Seeber, Tanja Hanauer, Jule Anna Ziegler, David Schmitz","doi":"10.1145/3465481.3470055","DOIUrl":null,"url":null,"abstract":"In today’s networks, administrative access to Linux servers is commonly managed by Privileged Access Management (PAM). It is not only important to monitor these privileged accounts, but also to control segregation of duty and detect keys as well as accounts that potentially bypass PAM. Unprohibited access can become a business risk. In order to improve the security in a controlled manner, we establish IdMSecMan, a security management process tailored for identity and access management (IAM). Security management processes typically use the Deming Cycle or an adaption for continuous improvements of products, services, or processes within the network infrastructure. We adjust a security management process with visualization for IAM, which also shifts the focus from typical assets to the attacker. With the controlled cycles, the maturity of IAM is measured and can continually advance. This paper presents and applies the work in progress IdMSecMan to a motivating scenario in the field of Linux server. We evaluate our approach in a controlled test environment with first steps to roll it out in our data center. Last but not least, we discuss challenges and future work.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"126 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Improving Identity and Access Management with the IdMSecMan Process Framework\",\"authors\":\"Daniela Pöhn, Sebastian Seeber, Tanja Hanauer, Jule Anna Ziegler, David Schmitz\",\"doi\":\"10.1145/3465481.3470055\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In today’s networks, administrative access to Linux servers is commonly managed by Privileged Access Management (PAM). It is not only important to monitor these privileged accounts, but also to control segregation of duty and detect keys as well as accounts that potentially bypass PAM. Unprohibited access can become a business risk. In order to improve the security in a controlled manner, we establish IdMSecMan, a security management process tailored for identity and access management (IAM). Security management processes typically use the Deming Cycle or an adaption for continuous improvements of products, services, or processes within the network infrastructure. We adjust a security management process with visualization for IAM, which also shifts the focus from typical assets to the attacker. With the controlled cycles, the maturity of IAM is measured and can continually advance. This paper presents and applies the work in progress IdMSecMan to a motivating scenario in the field of Linux server. We evaluate our approach in a controlled test environment with first steps to roll it out in our data center. Last but not least, we discuss challenges and future work.\",\"PeriodicalId\":417395,\"journal\":{\"name\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"volume\":\"126 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-08-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 16th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3465481.3470055\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3470055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Improving Identity and Access Management with the IdMSecMan Process Framework
In today’s networks, administrative access to Linux servers is commonly managed by Privileged Access Management (PAM). It is not only important to monitor these privileged accounts, but also to control segregation of duty and detect keys as well as accounts that potentially bypass PAM. Unprohibited access can become a business risk. In order to improve the security in a controlled manner, we establish IdMSecMan, a security management process tailored for identity and access management (IAM). Security management processes typically use the Deming Cycle or an adaption for continuous improvements of products, services, or processes within the network infrastructure. We adjust a security management process with visualization for IAM, which also shifts the focus from typical assets to the attacker. With the controlled cycles, the maturity of IAM is measured and can continually advance. This paper presents and applies the work in progress IdMSecMan to a motivating scenario in the field of Linux server. We evaluate our approach in a controlled test environment with first steps to roll it out in our data center. Last but not least, we discuss challenges and future work.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
