P.A. Baranov - Ph.D.(Eng.), Assistant Professor, National Research University Higher School of Economics

The article considers early stages of user rights and identity management IT-service creation in an organization. The consideration is performed from the project design and work organization risk management's point of view. Risk mitigation techniques are also taken into consideration. Identity and rights management systems function at organization's IT-infrastructural layer. Tight interaction of user identity and rights management system with neighboring systems (client systems), intense data exchange and rights to change data of neighboring systems is also a risk factor if the user rights and identity management IT-service is implemented incorrectly. Early stages of the project (i.e. pilot project stage) the following risks occur. Risk of inaccurate pilot project goal definition. It is widely spread tendency of beginning of main system design in course of pilot project, when final automation tasks are not stated. These cases a characterized by haphazard design that results in unnecessary spending of resources and ungrounded management decisions. Risk of unnecessary expenses. The pilot project budget and time limits are set and are not a subject of discussion afterwards. Purchase of significant amounts of hardware units and software licenses is an example of unnecessary expenses. Capital inputs into project must appear during later stages. This is also true for personnel training. Risk of non-optimal basic program platform selection. Main software product selection influences rate of success of the IT-project in terms of reaching its main goals. Project manager should have in mind that the fact some software works flawlessly during pilot project implementation does not guarantee it will work this way in real conditions. This happens because of difference in neighboring system interface requirements, and limitations of hardware and software resources through pilot project. This article contains recommendations on application of management instruments and methods available that help in mitigation of the risks mentioned and successful accomplishment of user rights and identity management pilot project while making optimal managerial decisions.

1. Schniederjans M. J., Hamaker J. L., Scniederjans A. M. Information technology investment. Decision Methodology // World Scientific Publishing Co. Pte. Ltd. 2005. P. 552.
2. Lientz B.P., Larssen L. Risk management for IT Projects. How to deal with over 150 issues and risks // Elsevier Inc. 2006. P.331.
3. Lee S.C. An introduction to Identity Management // SANS institute. 2003. URL: http://www.sans.org/reading-room/
   whitepapers/authentication/introduction-identity-management-852-show=introduction-identity-management-852&cat=authentication.
4. Kaitano F. The fundamentals of Identity and Access Management // Theiia.org. 2008. URL: http://www.theiia.org/
   intAuditor/itaudit/archives/2008/april/the-fundamentals-of-identity-and-access-management/.
5. Goloviczy'na M.. Informaczionny'e texnologii v e'konomike. Lekcziya 9. Informaczionny'e sistemy' na predpriyatii. // Intuit.ru. 2012. URL: http://www.intuit.ru/studies/courses/3735/977/lecture/14685.
6. Baranov P.A. Riski IT-proektov po sozdaniyu sistem upravleniya pravami pol'zovatelej // Sistemy' vy'sokoj dostupnosti. 2014. № 2. S. 39 - 44.