Research
People
- Leadership
- People
- Jobs
- Awards
- Blogs
About
- About
- Worldwide Sites

Technical Reports

HPL-2008-186

Technical Reports
- »2012
- »2011
- »2010
- »2009
- »2008
- »2007
- »2006
- »2005 - 2000
- »1990 - 1999

Heritage Technical Reports
- »Compaq & DEC Technical Reports
- »Tandem Technical Reports

Click here for full text:

Towards Identity Analytics in Enterprises

Casassa Mont, Marco; Baldwin, Adrian; Griffin, Jonathan; Shiu, Simon
HP Laboratories

HPL-2008-186

Keyword(s): Identity Analytics, Identity Management, Security, Security Analytics, Modelling, Simulation, Economics, Trade-offs, Policies

Abstract: This paper aims at setting the context for "Identity Analytics" within enterprises. In our vision, Identity Analytics is about helping decision makers (e.g. CIOs, CISOs) to explain and predict the impact of identity and identity management (along with other related aspects, such as users' behaviours) on key factors of relevance to them (e.g. costs, risk exposure, reputation, trust, etc.) - based on their initial assumptions and investment decisions, in complex enterprise scenarios. Decision makers are increasingly asked to justify their decisions and provide evidence about returns of IT and security investments. Our goal is to provide them with rigorous techniques to gain a better understanding of the involved threats & risks and investment trade-offs within the identity space (e.g. investing in technologies vs. changing processes vs. investing in users' education). This means providing "decision support" and "what-if analysis" capabilities to explore options, formulate new policies and/or justify existing ones. Our vision is introduced and discussed, along with the methodology that we adopted. There are many opportunities and challenges in this space: a scientific approach is required, involving the use of modelling and simulation techniques, coupled with the understanding of involved technologies and processes, human behaviours and economic aspects. As a significant example, we describe a case study focusing on emerging "web 2.0 enterprise collaborative data sharing tools", where unstructured information is created, stored and shared by people in collaborative contexts, within and across organizations. We discuss related threats and risks and demonstrate how trade-offs can be explored using the modelling approach hence allowing decision makers to investigate the different impacts of policy choices.

37 Pages

Additional Publication Information: Submitted to 24th IFIP SEC 2009, 18-20 May2009, Papos, Cyprus

External Posting Date: October 29, 2008 [Fulltext]. Approved for External Publication
Internal Posting Date: October 29, 2008 [Fulltext]

Back to Index

Technical Reports

HPL-2008-186

Technical Reports

Heritage Technical Reports