Question

Today we recommend identity management processes and multi-factor authentication. Identity management influences security risks, cost, and productivity.

Security processes should be measured with formal metrics including password management and access patterns to name a few. Samples of identity management metrics include?

Answer 1

Identity and access management or (IAM) for short are initiatives that are considered of high value within any IT organization, but they are really difficult to deploy. Even though it is complex in nature but it still represents 30 percent or more of the total information security budget of any IT institution. It is important to any organization because it helps in defining and executing the identity-related business processes that are most critical to any organization. Some of the most popular metrics that are used to gauge the identity management strategies within an organization are:

The number of uncorrelated accounts: Accounts that have no owner, and occur most frequently when a change happens, for example, in case of a promotion or a termination, are known as uncorrelated accounts. They are the accounts which are not transitioned properly. If there are too many uncorrelated accounts then they may pose a security risk as since the live accounts can be hi-jacked for the unauthorized use.

Average time required to authorize a change: This metric helps in assessing an organization's capability to approve the processes. If it is known how long it takes for a process to be approved, it can help identify bottlenecks or out-of-date processes within an organization.

The number of privileged accounts without an owner: Accounts that do not have any owner are also known as orphaned accounts. These accounts mostly emerge when the people who had the credentials to grant access to important resources by making them privileged users, no longer need access to those resources but they never had their privileges removed. So basically these orphaned accounts have occupied high priority and incredible resources when they do not have any significant owner.

Average time taken to provision or de-provision a user: It helps the organization to understand how long a new user has to wait in order to get access to the resources they need to get their work done. It has serious impacts on productivity and returns on investment (ROI) of an organization. This metric can identify a process that needs to be reviewed and possibly adjusted.

Password reset volume per month: This is an important metric in the field of identity management, and it helps the organizations to measure the effectiveness of their identity management programs. In most organizations, passwords are suggested to updated almost every month. This metric must tend downward if it doesn't then the organization's passwords policies and management tools require a closer look.

Here's the solution to your question. Thanks for asking and happy learning!!