it-sa 2024 | Congress@it-sa:

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Congress@it-sa Lecture programme

Which NIS-2 measures are relevant to IAM and how can they be implemented? Which general IAM functions are necessary for this?

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: Congress@it-sa

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Wed, 23.10.2024, 10:30 - 11:30

event_available On site

place Room Neu-Delhi, NCC Ost

Action description

south_east

Speaker

south_east

Themes

Governance, Riskmanagement and Compliance Identity and access management

Key Facts

NIS-2 regulates risk management in the area of cybersecurity
IAM is required for access control and authentication
The IAM segments IGA and IdP (AM) form an overall solution

Organizer

Beta Systems IAM Software AG

Event

This action is part of the event Congress@it-sa

Action description

NIS-2, the second EU Directive on network and information security, was published by the European Union in December 2022. Member states are required to transpose the directive into national law by October 2024. The main differences between this and the previous version are the extension of affected companies to several sectors, the increased requirements for information security and the closer cooperation with the authorities, in particular reporting obligations on an EU level.

Time is of the essence for affected companies to implement NIS-2 and achieve compliance. In the process, supply chains with third-party suppliers and service providers must also be taken into account.

NIS-2 and other regulations such as BAIT and DORA are current regulations that deal with cybersecurity. For example, NIS-2 describes specific "risk management measures in the area of cybersecurity". These include, for example:

• ensuring the security of networks, information systems and supply chains,
• the regular assessment and review of security systems
• reporting and sharing information about cyber incidents,
• basic procedures in the area of cyber hygiene,
• measures for access control in IT systems,
• continuous user authentication, including multifactor authentication (MFA).

Cyber hygiene is aimed primarily at users to raise awareness of security-oriented behavior in order to make regular implementation of precautionary measures a habit.

Effective access controls and authentication measures for IT systems, on the other hand, can only be achieved using additional systems. This is where Identity and Access Management (IAM) comes into play in order to adequately implement the measures and achieve full NIS-2 compliance.

Authentication is the process of verifying identity, often as part of a login. Access control refers mainly to the process of authorization to determine what the (verified) identity is allowed to do in the IT system based on its authorizations. First, the authentication process enables access to the IT systems, and then access control is used to execute the authorized actions. The protection of identities therefore comes first, as the misuse of identities (e.g. through phishing or spoofing) is the most common form of attack, especially in cloud systems.

In the event of a successful attack, the next defensive measure is to keep the target surface as small as possible. Identities should therefore have as few authorizations as possible, in accordance with the principle of least privilege. Identities with privileged authorizations (in terms of criticality) are particularly at risk, as they generally have a significantly higher risk and damage potential. They should therefore be protected by additional measures, e.g. additional authentication combined with just-in-time activation of authorizations.

How can these different aspects be implemented through IAM?
The IAM market is divided into three large segments:

• Identity Governance and Administration (IGA)
• Access Management, usually as an Identity Provider (AM/IdP)
• Privileged Access Management (PAM)

As an "upper-level" system, IGA takes over the central administration of identities and their authorizations and distributes these to the respective applications. An IdP provides a central authentication service and offers SSO, MFA and various other identity-related functions. PAM focuses on additional functions for privileged access and operates as a separate system or as a build-in functionality of the respective application.

This presentation shows the interaction between IGA and IdP from the perspective of applications and examines individual functions in more detail. ... read more

Participation Limit: 55

Language: German

Questions and Answers: Yes