http://www.communities.hp.com/online/blogs/mcm/archive/tags/CIO/default.aspxTags: CIOenCommunityServer 2008.5 SP1 (Build: 31106.3070)http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/09/on-identity-analytics-new-hp-labs-technical-report.aspxWed, 09 Jul 2008 09:35:00 GMT964d1d0f-bea0-4201-a2aa-8aa369a35a46:83657marcocasassamont0http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/09/on-identity-analytics-new-hp-labs-technical-report.aspx#comments<p>This community might be interested to a new HPL Technical Report, just released, titled &quot;<a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html">On Identity Analytics: Setting the Context</a>&quot; (authors: Marco Casassa Mont, Adrian Baldwin, Simon Shiu). </p> <p>This report reflects R&amp;D work we are doing at HP Labs, <a href="http://www.hpl.hp.com/research/systems_security.html">Systems Security Lab</a>. I am very keen in getting your views and input. The abstract of this technical report follows:</p> <p>&quot;This paper aims at setting the context for &quot;Identity Analytics&quot; within enterprises and paving the path towards new R&amp;D opportunities. In our vision, Identity Analytics is about explaining and predicting the impact of identity and identity management (along with other related aspects, such as users&#39; behaviours) on key factors of relevance to decision makers (e.g. CIOs, CISOs), in complex enterprise scenarios - based on their initial assumptions and investment decisions. </p> <p>Ultimately the goal is to provide rigorous techniques to help decision makers gain a better understanding of the investment trade-offs within the identity space (e.g. investing in technologies vs. changing processes vs. investing in users&#39; education, etc.). This means providing &quot;decision support&quot; and &quot;what-if analysis&quot; capabilities to decision makers enabling them to explore these investment trade-offs, formulate new policies and/or justify existing ones. Our vision of &quot;Identity Analytics&quot; is introduced and discussed, along with the methodology that we intend to adopt. </p> <p>There are many research opportunities and challenges in this space: we believe that a scientific approach is required, involving the usage of modelling and simulation techniques, coupled with the understanding of involved technologies and processes, human behaviours and economic aspects. To ground some of the concepts discussed in this paper, we provide an illustration of Identity Analytics focusing on emerging &quot;web 2.0 enterprise collaborative data sharing&quot;, where unstructured information is created, stored and shared by people in collaborative contexts, within and across organisations. We demonstrate how trade-offs can be explored using the modelling approach hence allowing decision makers to explore the different impacts of policy choices.&quot;</p> <p>--- NOTE:&nbsp; use this <a href="http://research-on-identitymanagement.blogspot.com/">mirror blog</a> if you prefer posting on an external blog site &nbsp;---</p><div style="clear:both;"></div><img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=83657" width="1" height="1">Economics of Identity ManagementCIOSecurity Analyticstrade-offsdecision support systemIdentity Analyticswhat-if analysisdecision makersCISOsimulationmodellinghttp://www.communities.hp.com/online/blogs/mcm/archive/2008/06/27/do-cios-care-about-data-privacy.aspxThu, 26 Jun 2008 17:23:00 GMT964d1d0f-bea0-4201-a2aa-8aa369a35a46:83451marcocasassamont0http://www.communities.hp.com/online/blogs/mcm/archive/2008/06/27/do-cios-care-about-data-privacy.aspx#comments<font face="Times New Roman" size="3"> <p class="MsoNormal" style="MARGIN:0pt;"><span style="mso-ansi-language:EN-US;">Apparently they don&#39;t, </span>at least based on a recent Ernst &amp; Young report, whose outcomes have been summarised in <a href="http://www.dofonline.co.uk/governance/audit-chiefs-still-lax-on-data-privacy6637.html">this article</a> <span class="small">written by Adrie van der Luijt </span>:</p>&nbsp; <p class="MsoNormal" style="MARGIN:0pt;">“IT fraud and data privacy fail to sound the alarm for CIOs and internal audit chiefs, a survey shows. Sixty-five per cent internal audit chiefs do not recognise data privacy and IT fraud as a serious threat to their business.</p> <p class="MsoNormal" style="MARGIN:0pt;">&nbsp;</p> <p class="MsoNormal" style="MARGIN:0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;">A survey, released by Ernst &amp; Young, found that internal audit chiefs ranked corporate breaches and data privacy regulation sixth in their top ten IT risks for the organisation, while for CIOs it barely made it onto the list at just ninth. </p> <p class="MsoNormal" style="MARGIN:0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;">&nbsp;</p> <p class="MsoNormal" style="MARGIN:0pt;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;">In addition just 14 per cent of internal audit chiefs said that their staff had been trained in fraud investigation. …”</p> <p class="MsoNormal" style="MARGIN:0pt;"><span style="mso-ansi-language:EN-US;"></span>&nbsp;</p><span style="mso-ansi-language:EN-US;">I would be interested in having a look at this survey, if only I could find a copy online …</span><span style="mso-ansi-language:EN-US;">&nbsp;</span><span style="mso-ansi-language:EN-US;">&nbsp;</span> <p class="MsoNormal" style="MARGIN:0pt;">--- NOTE:<span style="mso-spacerun:yes;">&nbsp; </span>use this <a href="http://research-on-identitymanagement.blogspot.com/">mirror blog</a> if you prefer posting on an external blog site <span style="mso-spacerun:yes;">&nbsp;</span>---</p></font><div style="clear:both;"></div><img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=83451" width="1" height="1">CIOData Privacysurvey