In your role as information security consultant, create a strategy for an effective user training, access, and account management program for the project organization. This strategy should include the following components: Explain the components of a complete identity management program. Identify the controls that are available to mitigate risk related to user and account management. Develop recommendations for an effective identity management program. Describe the components of an effective user training and awareness program. Use proper APA (6th edition) style and formatting for all references and citations.
Solution
Identity management is the task of identifying users and entities that access, use or modify a system. The components of a complete identity management system include:
1. Account provisioning and management
Users should be able to request an account and set their details for it. There should be a password management system for all users and a repository of all users with their details and assigned roles.
2. Role-based access control
Access to different applications, modules or facilities should be controlled by the roles assigned to each user. Users or entities accessing any system must be identified and their activities should be recorded. There should also be a single sign-on facility for all users and federated access control across all systems.
3. Directory services (LDAP, etc.)
Users must have access to directory services for their own use. The identity of users using the services must be verified.
4. Risk Management
Any risks involved in identity management must be identified and evaluated. If any risk is too high, then steps must be taken to mitigate such risks. For any kind of risk, the remediation steps must be defined.
Security measures need to be in place to mitigate risks related to user and account management. Users' data must be encrypted and stored in secured systems. These systems should be behind firewalls in a network with strong access policies. User accounts should have strong passwords so that no user can hack into anyone else's account.
The components of user training and awareness are:
1. Web-based training on security and access control
2. Courses on security awareness and various threats
3. Training on the different systems and components in the project and on identity management
