Congress@it-sa Lecture programme

Which NIS-2 measures are relevant to IAM and how can they be implemented? Which general IAM functions are necessary for this?

Wed, 23.10.2024, 10:30 - 11:30

On site

Room Neu-Delhi, NCC Ost


Themes

Governance, Risk Management and Compliance; Identity and Access Management

Key Facts

  • NIS-2 regulates risk management in the area of cybersecurity
  • IAM is required for access control and authentication
  • The IAM segments IGA and IdP (AM) form an overall solution

Event

This action is part of the event Congress@it-sa

Action description

NIS-2, the second EU Directive on network and information security, was published by the European Union in December 2022. Member states are required to transpose the directive into national law by 17 October 2024. The main differences from the previous directive are the extension of the scope to additional sectors and companies, stricter information security requirements and closer cooperation with the authorities, in particular incident reporting obligations at EU level.

Time is of the essence for affected companies to implement NIS-2 and achieve compliance. In the process, supply chains with third-party suppliers and service providers must also be taken into account.

NIS-2 and other current regulations such as BAIT and DORA all deal with cybersecurity. NIS-2, for example, prescribes specific "risk management measures in the area of cybersecurity" (Article 21). These include:

• ensuring the security of networks, information systems and supply chains,
• regular assessment and review of the effectiveness of security measures,
• reporting and sharing of information about cyber incidents,
• basic cyber hygiene practices,
• access control measures for IT systems,
• multi-factor authentication (MFA) or continuous authentication solutions.

Cyber hygiene is aimed primarily at users: it raises awareness of security-conscious behaviour so that carrying out precautionary measures regularly becomes a habit.

Effective access control and authentication for IT systems, on the other hand, cannot be achieved through user behaviour alone; they require dedicated systems. This is where Identity and Access Management (IAM) comes into play, both to implement these measures adequately and to achieve full NIS-2 compliance.

Authentication is the process of verifying an identity, usually as part of a login. Access control mainly refers to authorization: determining what the (verified) identity is allowed to do in the IT system based on the entitlements assigned to it. Authentication first grants access to the IT system; access control then decides which actions the identity may execute. Protecting identities therefore comes first, because identity misuse (e.g. via phishing or spoofing) is one of the most common forms of attack, particularly against cloud systems.

If an attack nevertheless succeeds, the next line of defence is to keep the attack surface as small as possible. Identities should therefore hold as few entitlements as possible, in line with the principle of least privilege. Identities with privileged (i.e. critical) entitlements are particularly exposed, because compromising them carries a far higher risk and damage potential. They should therefore be protected by additional measures, e.g. step-up authentication combined with just-in-time activation of the privileged entitlements, so that privileges are held only for the duration of a task rather than permanently.
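The following is an added illustration of the least-privilege and just-in-time (JIT) activation pattern described above; it is not code from the lecture or from Beta Systems. Role names, permissions, identities and timestamps are constructed sample data, and the MFA freshness window and activation lifetime are assumed values. Privileged roles are never granted as standing entitlements: an eligible identity must pass step-up MFA, the grant expires after a fixed time, and a review function flags any standing privileged assignment as a violation.

```python
"""Least privilege with just-in-time (JIT) activation of privileged roles.

Added illustration for this abstract; it is not code from the lecture or
from Beta Systems. Role names, permissions, identities and timestamps are
constructed sample data, and the time limits are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

MFA_FRESHNESS = timedelta(minutes=10)   # assumed: step-up MFA must be this recent
ACTIVATION_TTL = timedelta(hours=1)     # assumed: an activated privilege lapses after this


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    privileged: bool = False   # privileged roles are never usable as standing assignments


@dataclass
class Activation:
    role: str
    expires_at: datetime


@dataclass
class Identity:
    name: str
    standing_roles: set = field(default_factory=set)   # always active, must be non-privileged
    eligible_roles: set = field(default_factory=set)   # privileged, usable only after activation
    activations: list = field(default_factory=list)
    last_mfa_at: Optional[datetime] = None            # time of the last successful MFA


# Constructed role catalogue: one ordinary role and one privileged role.
ROLES = {
    "reader": Role("reader", frozenset({"db:read"})),
    "db-admin": Role("db-admin", frozenset({"db:read", "db:write", "db:drop"}), privileged=True),
}


def activate(identity: Identity, role_name: str, now: datetime) -> Activation:
    """JIT activation: requires eligibility and fresh step-up MFA, then grants a time-limited role."""
    if role_name not in identity.eligible_roles or not ROLES[role_name].privileged:
        raise PermissionError(f"{identity.name} is not eligible to activate {role_name}")
    if identity.last_mfa_at is None or now - identity.last_mfa_at > MFA_FRESHNESS:
        raise PermissionError("step-up MFA required before activating a privileged role")
    activation = Activation(role_name, now + ACTIVATION_TTL)
    identity.activations.append(activation)
    return activation


def effective_permissions(identity: Identity, now: datetime) -> set:
    """Standing non-privileged roles plus privileged roles whose activation has not expired."""
    perms = set()
    for role_name in identity.standing_roles:
        role = ROLES[role_name]
        if not role.privileged:              # a standing privileged role is ignored (and flagged below)
            perms |= role.permissions
    for act in identity.activations:
        if act.expires_at > now:
            perms |= ROLES[act.role].permissions
    return perms


def is_allowed(identity: Identity, permission: str, now: datetime) -> bool:
    return permission in effective_permissions(identity, now)


def standing_privilege_violations(identities) -> list:
    """IGA-style review: privileged roles that were assigned as standing entitlements."""
    return [(i.name, r) for i in identities for r in sorted(i.standing_roles) if ROLES[r].privileged]


def demo() -> dict:
    """Walk through the lifecycle with constructed identities; returns the observed decisions."""
    t0 = datetime(2024, 10, 23, 10, 30, tzinfo=timezone.utc)
    alice = Identity("alice", standing_roles={"reader"}, eligible_roles={"db-admin"})
    bob = Identity("bob", standing_roles={"db-admin"})      # misconfigured: standing privilege
    out = {
        "alice_read": is_allowed(alice, "db:read", t0),          # standing non-privileged role works
        "alice_drop_before": is_allowed(alice, "db:drop", t0),   # privileged action without activation
    }
    try:
        activate(alice, "db-admin", t0)                          # no MFA yet: must be refused
        out["activate_without_mfa"] = "allowed"
    except PermissionError:
        out["activate_without_mfa"] = "denied"
    alice.last_mfa_at = t0                                       # user completes step-up MFA
    activate(alice, "db-admin", t0)
    out["alice_drop_during"] = is_allowed(alice, "db:drop", t0 + timedelta(minutes=30))
    out["alice_drop_expired"] = is_allowed(alice, "db:drop", t0 + ACTIVATION_TTL)
    out["bob_drop"] = is_allowed(bob, "db:drop", t0)             # standing privilege is refused
    out["violations"] = standing_privilege_violations([alice, bob])
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The split between `standing_roles` and `eligible_roles` mirrors the IGA/PAM division of labour the abstract goes on to describe: the governance layer decides who is eligible for a privileged role, while the activation step (step-up MFA plus an expiring grant) is what a PAM or IdP component enforces at login time. The review function is the kind of check an IGA recertification campaign would run to find privileges that drifted into standing assignments.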

How can these different aspects be implemented through IAM?
The IAM market is divided into three large segments:

• Identity Governance and Administration (IGA)
• Access Management, usually as an Identity Provider (AM/IdP)
• Privileged Access Management (PAM)

As the overarching system, IGA handles the central administration of identities and their entitlements and provisions them to the respective applications. An IdP provides a central authentication service and offers SSO, MFA and various other identity-related functions. PAM focuses on additional controls for privileged access and runs either as a separate system or as built-in functionality of the respective application.

This presentation shows the interaction between IGA and IdP from the perspective of applications and examines individual functions in more detail.

Participation Limit: 55

Language: German

Questions and Answers: Yes
