Andrew Hughes CISM CISSP
Independent Consultant
In Turn Information Management Consulting
o +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security
On the call today with Torsten and the others we seemed to be in general agreement that the BoK could be made more extensible by adding a few more (or different) cross-cutting considerations. For example:
- Concepts
- Best practices
- Regulations
- Standards and Protocols
Could become
- Governance and Management
- Use cases
- Risks, vulnerabilities, and threats
- Regulations
- Standards and Protocols
- Future considerations
Rationale
- Cognitively it is good to have between 4 and 7 items on a graphical list like that
- Best practices (aka good practices) could be added as a 7th or just assumed to be included pervasively in the 4 major functions and the cross-cutting considerations alike
- Use cases (aka user stories) can capture a lot of things from the mainstream use cases to industry sector, geographic differences, edge cases. We could also include the critical topic of business enablers (or business opportunities) in use cases.
- Governance and Management are crucial and should not be omitted; they can also capture many models, methodologies and concepts including how do you measure ROI on identity
- Future considerations is a handy category for all the things you want to keep track of that could become important, like Blockchain identity, etc. We had that as part of the Burton/Gartner reference architecture. Having it as a well-maintained category would help the BoK be future-proof and evolve.
For me, this now would approach "comprehensive".

Dan Blum
Security Architects Partners
Check out the blog at http://security-architect.com
----------------------
We are a highly-experienced group of consultants dedicated to helping clients plan, specify and develop security programs, policies and technology solutions.

On Mon, Apr 24, 2017 at 2:27 PM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:

My view is that once a sub-domain can be accurately described in a reasonably stable way then it qualifies for inclusion in the BoK. We can have unfilled categories in the Taxonomy - no issue there with creating forward-looking branches because it's easy to adjust as needed, up until the point we fill in the BoK content (after that it's hard to change the taxonomy).

So: if you are the type to hang out at "Identity on the blockchain" kinds of events you might see taxonomy branches about those topics but no actual BoK content.

Check back in a few years, once things have been tried out more and there's a growing consensus (get it? ha!) on a few potentially viable paths forward and the writers can start finding and curating the content for the BoK.

The BoK is the stuff an ID Pro should know (loosely body of knowledge) and also the stuff an ID Pro should know about (loosely taxonomy).

Finding the balance will be an ongoing challenge - but if content writers struggle to compose a reasonably sane description for a BoK section then we can suspect that it's still too early.

andrew.

Andrew Hughes CISM CISSP
Identity Management | IT Governance | Information Security

On Mon, Apr 24, 2017 at 5:41 AM, Dan Blum <dan.blum@security-architect.com> wrote:

An interesting question is whether the BoK is to document the digital identity status quo, or to also move our shared understanding into relatively less-charted levels. For example, Ian Glazer proposed an innovative threat model, and a maturity model, that I haven't seen elsewhere.

I summarize and link to the Changing Face/Fate of Identity talk from Ian in this post. You'll note reference to Ian's thinking that transparency and accountability controls must be added to preventative IAM controls. Note my thoughts there that applying these and other advanced controls will be challenging in the post-GDPR era - but perhaps essential for businesses to retain the ability to go-to-market with customers in digital.

In short I believe that we may be earlier in the evolution of digital identity architecture than most think, and would be an advocate for a forward-looking BoK...

Looking forward to today's discussion!

Dan Blum
Security Architects Partners / KuppingerCole
Check out the blog at http://security-architect.com
----------------------
We are a highly-experienced group of consultants dedicated to helping clients plan, specify and develop security programs, policies and technology solutions.

On Mon, Apr 24, 2017 at 7:46 AM, Megan Cannon <megan@kantarainitiative.org> wrote:

Greetings,

Please join us today for our BoK / Taxonomy meeting at 11am EDT. Dial in details are listed below; you may view the complete list of call details for each meeting by accessing the Kantara calendar.
All the best,
Megan
###BoK/Taxonomy WG
Monday, April 24, 2017
11:00am to 12:00pm Eastern Daylight Time
Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/135593357
You can also dial in using your phone.
United States: +1 (571) 317-3116
Access Code: 135-593-357
More phone numbers
Australia: +61 2 8355 1034
Austria: +43 1 2060 92964
Belgium: +32 28 08 4372
Canada: +1 (647) 497-9372
Denmark: +45 69 91 84 58
Finland: +358 923 17 0556
France: +33 170 950 590
Germany: +49 692 5736 7206
Ireland: +353 19 030 053
Italy: +39 0 699 26 68 65
Netherlands: +31 208 080 759
New Zealand: +64 9 974 9579
Norway: +47 21 04 30 59
Spain: +34 931 76 1534
Sweden: +46 775 757 471
Switzerland: +41 435 0026 89
United Kingdom: +44 20 3713 5011
First GoToMeeting? Try a test session: http://help.citrix.com/getready

Megan Cannon
Kantara Initiative, Inc.
_______________________________________________
DG-IDPro mailing list
DG-IDPro@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-idpro