Thanks to the readers that sent comments to me (interestingly, by email …), about my previous post on “Applying Modeling and Simulation techniques to Identity Management”. Feel also free to post your comments directly on the blog.
An interesting question I received was about the overall scope of the R&D work on Identity Analytics, i.e. if it only strictly applies to the Identity Management space.
I would say that the scope is wide. The goal is to include also economics aspects, people’s behaviours, privacy and privacy management elements along with any IT and business aspects of relevance for the analysed scenario/case study. Our models and simulations indeed represent the (risk mitigation) effects of identity controls: they do it in the context of the scenario of interest, by including the representation of involved processes, data storage, information flows along with relevant applications and services.
The outcomes of our models can vary, depending on the questions we want to answer, such as ROIs in using specific IdM solutions, trade-offs in investments, impact of controls and security on usability, etc.
Hope this answer the question.
Please have also a look at the Demos2k model attached to our recent HP Labs Technical Report HPL-2008-186, for a few illustrative examples of the above points.
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment