350 rub
Journal Highly available systems №2 for 2014 г.
Article in number:
Risks of identity management system implementation projects
Authors:
P. A. Baranov - Ph.D. (Eng.)
Abstract:
The article describes IT risks with high likelihood of appearing and realization during unified user identity management system (also called IdM-systems) IT project implementation. Specific factors that present a threat to this kind of IT projects' successful completion are analyzed. The article contains description of risks that address IT project as a whole and also ones true for its particular stages. Prerequisites of appearance of project schedule failure risks are highlighted. Having that in mind, possible ways of avoidance of these risks are analyzed. Certain ways of risk prerequisites' liquidation are proposed. Measures that have to be taken at the stages of planning and researching of IT project are presented. If the risk consequences have to be faced practical resource loss minimization recommendations are provided in the article. In particular, the recommendations concern program platform selection methods, sequence of adjacent systems integration tuning, order of implementation of IdM system in territorially distributed companies. Organizational steps needed to perform in course of creation of the IdM system in order to prevent risks' appearance and realization are analyzed. Stages preceding system creation (planning, IT infrastructure preparation) are viewed in detail. Responsibility distribution options are considered in scope of creation of the system and its implementation in different company divisions. Responsibility delimitation is important for the following departments: IT infrastructure support team, information security division, automated systems' research department, budget control department. For every kind of risks its influence upon the following key points of IdM IT project implementation process is evaluated: correct program platform selection, technical interaction with adjacent information systems, responsibility delimitation while exchanging data with adjacent information systems, writing of system documentation, arrangement of user rights' reconciliation process, maintenance of identity management service technical support, IT project budgeting. In the process of possible risk handling outcome analysis estimations concerning investment attraction of the project and profitability of IT idea realization for an organization shareholders and top management are performed.
Pages: 39-44
References

  1. Afanas'ev A.A. Autentifikatsiya. Teoriya i praktika obespecheniya bezopasnogo dostupa k informatsionnym resursam. Ucheb. posobie dlya vuzov. M.: Goryachaya liniya ? Telekom. 2009.
  2. Shan'gin V.F. Kompleksnaya zashchita informatsii v korporativnykh sistemakh. Ucheb. posobie. M.: Forum, Infra-M. 2012. 592 s.
  3. Romanov B. Shag za shagom - ot «vruchnuyu» k IdM // Jet Info. 2014. № 3. URL: http://www.jetinfo.ru/stati/shag-za-shagom-ot-vruchnuyu-k-idm.
  4. Lavrukhin A. IdM kak reshenie dlya biznesa // Information Security /nformatsionnaya bezopasnost'. 2011. № 5. S. 26(27.
  5. Bondar' D. Populyarnye IdM-resheniya: chto i kak // Jet Info. 2014. № 3. URL: http://www.jetinfo.ru/author/dmitrij-bondar/populyarnye-idm-resheniya-chto-i-kak.
  6. Analiz tendentsiy postroeniya sistem upravleniya identifikatsionnymi dannymi // Sayt «Khabrakhabr». URL: http://habrahabr.ru/post/148466/.
  7. Mukhametgaleev T. Identity Management - reshenie tipichnykh problem // Bytemag. 2005. URL: http://www.bytemag.ru/articles/detail.php-ID=8973.
  8. Bondar' D. Kak postroit' effektivnuyu sistemu upravleniya dostupom // Jet Info. 2014. № 3. URL: http://www.jetinfo.ru/author/dmitrij-bondar/kak-postroit-effektivnuyu-sistemu-upravleniya-dostupom.
  9. Ivanovskiy V. V krupnoy kompanii IdM-sistema okupitsya za paru let // CNews. Izdanie o vysokikh tekhnologiyakh. 2013. URL: http://www.cnews.ru/reviews/free/banks2013/interviews/viktor_ivanovskij/.