90 likes | 184 Vues
Once upon a time…. Identity management issues were seen as tactical business process matters that could be dealt with easily through “simple” technology solutions Campus-wide identity management policy questions were rare and, if raised, were dealt with locally
E N D
Once upon a time… • Identity management issues were seen as tactical business process matters that could be dealt with easily through “simple” technology solutions • Campus-wide identity management policy questions were rare and, if raised, were dealt with locally • Does anyone remember the ID Card Committee? • Then, one dark and stormy night (just kidding), talk turned to integration of services, collaboration tools, “e-everything,” service oriented architecture and enterprise this and enterprise that…
…and then the questions started: “how do we provide secure access to this service? how do we know that they are who they say they are? how can this new technology protect privacy rights? and finally, who is responsible for making these decisions?” In response, IMLG was launched. It was 2004.
IMLGOriginal Charge • Define IdM process roles and responsibilities for obtaining access to information and services • Establish criteria about how decisions are made • Coordinate and negotiate access to information and services • Seek efficiencies, especially in the area of eliminating duplicative cards for ID and security purposes
New Provosts, New CIO, then interim CIO, New Director of DoIT, New Chancellor, New Deans, Interim Registrar, New HR Director, New Enterprise Systems… Change happens Impacts • Update IMLG Charter and Membership • Define role of IMLG in support of CIO strategic plan • Define role of IMLG in IT policy • Define role of IMLG in support of campus information security • Charter working group to recommend governance and process issues around new affiliations (ARG) • Establish policy to define sensitive data • Establish (define) a data stewards group
Despite the chaos, we did make progress… • New UDS Appropriate Use Policy • Template for assigning Net IDs to new affiliations • Combined ID/Access cards • Campus awarded InCommon membership • Created definition for sensitive data and endorsed the policy on encryption of sensitive data • Restricted data security standards defined • Agreed to become steering committee for the Madison portion of the UW System IAM initiative • Established technical subcommittees (ID card, NetID policy, affiliation review group….)
What “influences” IMLG policy discussions? • Laws and institutional policy (state and federal laws, UW System rules, faculty rules and regulations, etc.) • Enterprise systems (IAM, HRS, ISIS, etc.) • UW-Madison campus projects and systems owned by schools, colleges and administrative units (APR, business process review, emerging technologies, departmental systems
April 29, 2010 Identity Management Policy-Related Influences Laws and institutional policy (state and federal laws, policy etc.) IMLG UW Campus projects and systems owned by Schools and Colleges (APR, business process review, emerging technologies, departmental systems) Enterprise systems that influence policy (IAM, HRS, ISIS, etc.)
What’s next? • Focus on Security Standards as they relate to Identity Management • Focus on Stewardship • What do we need in terms of policy guidance?
Safeguarding the Information Entrusted to Us Data Governance and Management (Data Stewardship) Policy and Law Individual Education Services College, School and Unit Institution Tools Communication/ Collaboration Accountability Assessment and Audit