Identity Management

Six months ago you hardly heard of 'Identity Management' - but today you hear about it and see it nearly everywhere. Information security magazines of all nature are publishing more and more articles about identity management and improved access control measures. Hardware manufacturers are adding new and improved smart cards USB authentication keys and biometric input devices to their line of products. Software developers are scrambling to promote new and improved access control applications and improved authentication utilities. Is 'Identity Management' a new buzzword in the Information Security arena or is it an important security principle just now coming of age? With all the hype going on about biometrics smart cards and other 'failsafe' access control measures how do you know what to evaluate test and implement? How do you know what system is right for your organization? Before can you answer that you have to determine whether or not your organization has an Identity Management Policy. If you do is it sufficient? Is it accurate? Is it Feasible? Is it realistic? And best of all has it been fully tested? If you do not have an Identity Management Policy than how do you create one? Where do you start?