Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, April 19, 2010

Keynote Speaker at IEEE i-Society 2010

I have recently been invited to be one of the Keynote speakers at IEEE i-Society 2010, the International Conference on Information Society.

I am currently evaluating different potential topics to present in my speech, including:
  • Recent trends affecting the Society, organisations and people, including Cloud Computing, Web 2.0, Consumerisation of enterprises, etc.
  • The increasing role that organised crime has in the digital society
  • The problem posed by privacy and privacy management in the digital world
  • Opportunities in the space of Security and IAM to address some of these issues
  • Role that various emerging R&D areas can have in this space: Trusted Virtualization, Economics of Security and IAM, Security and Identity Analytics, etc.

Please feel free to suggest/recommend any topic or aspect you believe might be of relevance for this type of conference. I would be very interested in getting your input.

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

An Update on HPL R&D Activities on Identity Analytics

At HP Labs, we are making good progress in our R&D activities in the space of IAM Analytics.

As a reminder, the goal of our Identity Analytics activity (aka IAM Analytics) is to provide strategic decision makers with decision support tools to make informed decisions by exploring available options and trade-offs by means of what-if analysis.

Our approach differs from common bottom-up approaches that are driven by data analysis and subsequent extrapolations of patterns. Based on a top-down approach, Identity Analytics at HP Labs takes into account strategic aspects of relevance to decision makers (business processes, IT systems, people behaviours, costs, etc.) as well as the implications of dynamic threat environments. Models are developed and simulations carried out to make predictions, by exploring different assumptions, investment options and decision makers’ viewpoints.

Recent developments of our research activity include the exploration of IAM Economics and how a better understanding of strategic preferences of decision makers can help the decision making process.

The updated HPL Identity Analytics web page providing an overview of the project and recent publications can be found here.



Identity Analytics and Economics of IAM – Presentation at IFIP/IEEE BDIM 2010

Due to recent “volcanic activities”, I could not attend the 5th IFIP/IEEE International Workshop on Business-driven IT Management 2010 - BDIM 2010, Osaka, Japan.

However, I have been able to give a remote presentation of the topic discussed in my accepted paper:

“Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: Providing Decision Support for Investments”

My full presentation (MS .ppt) is available here. An abstract of the paper (and presentation) follows:

“Identity and Access Management (IAM) is a key enabler of enterprise businesses: it supports automation, security enforcement and compliance. However, most enterprises struggle with their Identity and Access Management strategy. Discussions on IAM primarily focus at the IT operational level, rather than targeting strategic decision makers' issues, at the business level. Organisations are experiencing an increasing number of internal and external threats and risks: there is scarcity of resources and budget to address them all. Decision makers (e.g. CIOs, CISOs) need to prioritise their choices and motivate their requests for investments. This applies for investments in IAM vs. other possible security or business investments that could be made by the organisation. In this context, a range of possible IAM investment options has an effect on multiple strategic outcomes of interest, such as assurance, agility, security, compliance, productivity and empowerment. We have developed a repeatable approach and methodology to help organisations work through this complex problem space and determine an appropriate strategy, by providing them with decision support capabilities. The proposed approach, validated in collaboration with security and IAM experts, couples economic modeling (which explores decision makers' preferences between the different outcomes) with system modeling & simulations to predict the consequences (likely outcomes) associated with different investment choices and map them against decision makers' preferences, in order to identify the most suitable investment options. We illustrate how this methodology has been applied in an IAM case study, in a business-driven context with core enterprise services. This work is in progress. We discuss current results and next steps.”


On Serving in Program Committees of International Conferences

In the last few months I served as a member of various Program Committees of International conferences, including: IEEE Policy 2010, SECRYPT 2010 and MobiSec 2010.

I have also acted as a reviewer of Journal articles, including: Journal of Systems and Software (JSS), ACM Transactions on the Web (TWEB) and Identity in the Information Society (IDIS).

I would encourage people to get involved in these activities. They help me to have a broader and up-to-date view of what is happening in the IAM and security space – as well as networking with peers in these fields.
