CSO Perspectives (Pro) 8.31.20
Ep 20 | 8.31.20

Identity management and cybersecurity first principles.

Show Notes

Identity management is a cybersecurity first principle strategy.

Who does your identity management? If it isn’t your security team, Rick will tell you that needs some adjusting. In this lesson, Rick reviews the history of authentication, authorization, and identity. He breaks down the seven characteristics of an effective identity system for modern technologies and discusses next generation strategies. The Hash Table also lays out their requirements for a robust identity management system. Spoiler alert: zero trust is key.

Cybersecurity professional development and continued education.

You will learn about: authentication and identity technologies, the 7 characteristics of identity systems, next generation identity management, and zero trust for identity management.

CyberWire is the world’s most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media to join our community of security professionals: LinkedIn, Twitter, YouTube, Facebook, Instagram.

Additional first principles resources for your cybersecurity program.

For more identity management and cybersecurity first principles resources, check the topic essay.

Selected Readings:

  1. “A Brief History of Digital Identity,” by Block Systems.
  2. “AN H-ISAC FRAMEWORK FOR CISOs TO MANAGE IDENTITY,” H-ISAC, April 2020.
  3. “An Introduction to Identity Management,” by John K Waters, CSO, 15 October 2007.
  4. “Computer password inventor Fernando Corbato dies at 93,” by Jon Fingas, engadget, 13 July 2019.
  5. “Digital Identity Guidelines: NIST Special Publication 800-63-3,” by Paul Grassi, Michael Garcia, and James Fenton, National Institute of Standards and Technology (NIST), June 2017.
  6. “Fernando Corbató: American physicist and computer scientist,” by William Hosch, Encyclopædia Britannica, 8 July 2020.
  7. “History of Identity Management Infographic,” by IdRamp.
  8. “History of LDAP,” by ldapwiki.com.
  9. “History of SAML,” by saml.xml.org, 2015.
  10. “Identity 2.0 Keynote,” by Dick Hardt, YouTube, 8 February 2006.
  11. “IDENTITY FOR THE CISO NOT YET PAYING ATTENTION TO IDENTITY,” H-ISAC.
  12. “Kerberos and Windows Security: History,” by Robert Broeckelmann, Medium, 16 May 2018.
  13. “LDAP and Kerberos, So Happy Together,” by Juliet Kemp, ServerWatch, 12 January 2009.
  14. “The Difference Between LDAP and SAML SSO,” by Zach DeMeyer, JumpCloud, 3 April 2019.
  15. “The Evolution Of IAM (Identity Access Management),” by SolutionsReview, YouTube, 3 September 2019.
  16. “The Laws of Identity,” by Kim Cameron, Architect of Identity, Microsoft Corporation, 11 May 2005.
  17. “SAML2 vs JWT: Understanding OAuth2,” by Robert Broeckelmann, Medium, 23 January 2017.
  18. “SAML2 vs JWT: Understanding OpenID Connect Part 1,” by Robert Broeckelmann, Medium, 25 March 2017.
  19. “What is IAM? Identity and access management explained,” by James Martin and John Waters, CSO, 9 October 2018.
  20. “What is Identity and Access Management and Why is it a Vital IT Security Layer?” by Matt Miller, BeyondTrust, 29 November 2018.
  21. “What is OAuth2?” by Tech Primers, 30 June 2017.
  22. “What is OAuth? How the open authorization framework works,” by Roger A. Grimes and Josh Fruhlinger, CSO, 20 September 2019.
  23. “What is OAuth really all about - OAuth tutorial,” by Java Brains, 23 November 2019.