Category:Access Management

From IT frameworks

(Redirected from Access Management)
Jump to: navigation, search

The ITIL Map

Define a vision for your IT organisation that is aligned with the Business.Control your IT expenses!Ensure correct handling of future expectations and requirements.Provide assurance of IT services.Ensure agreement with your customer on services.Guarantee an up to date service menu.Ensure the correct capacity of your services.Ensure the correct avalability of your services.Plan for the unexpected.Ensure appropriate security for your services.Control who delivers to us.Reply to user requests in a service minded manner.Solve the unexpected in the daily operations!Detect and sort activities in your IT infrastructure.Ensure correct access to your services.Fix the unexpected in the daily operations.Reduce mistakes affecting Business.Control the changes to the IT infrastructure.Predicted performance vs. Actual performance.Change services without unexpected downtime.Assure that your service does what is intended.Keep the knowledge in your company!Keep track of how your services are interconnected.Know how to measure your services.Ensure correct analysis of your services.Standstill = Decline!Friendly and helpful single point of contact for your users.Contract between you and your customers.ITILv3 TheMap.png
About this image

One of the key processes in Service Operation, Access management is often referred to as "Rights management" or "Identity management" and is responsible for handling access requests posed to the IT organisation by its users.

Access Management flow chart


Contents

Goals & Objectives

To grant rights or take them away as necessary for users of an IT service.

Terminology

  • Access - Service available to a user of IT
  • Rights - Priviliges of IT user to access services and/or information
  • Service Groups - Effective way of granting rights to users who belong to groups
  • Directory Services - Refers to a tool used by access management

Roles

Scope

The Access Management process basically executes the security policy defined in the Service Design key process Information Security management.

The key to a well implemented Access Management is CIA:

  • Confidentiality - Only users with granted access has access to information
  • Integrity - Information available to users is accurate and up to date
  • Availablility - Information is available to those users who should have access when they need it

Note: Every access change is also an "ITIL change" and should be transitioned through Change Management at least once to enable a pre-authorized standard change.

Activities

The first main activities of Access management must be to ensure that the person/group requesting access are who they say they are and then that they should have access.

Interfaces

Inputs

  • User request for access to an IT service
  • RfC
  • Service request
  • New employee, HR sends request via Service Desk to allow access to IT services

Outputs

  • Access granted or revoked

Value to the Business

  • Control over who has access to certain information (sensitive information)
  • Ability to easily revoke access should employees leave their posts
  • For auditing purposes, a well implemented access management should be able to easier find security breaches.

Implementation

Challenges to implementation

Flow Chart Model

See image on the right.

Tips for exam

Access Management execute security policy defined and designed in Information Security management

References and resources

  1. Key Element Guide Service Operation - OGC
  2. ITIL Service Operation - OGC

Pages in category "Access Management"

This category contains only the following page.

A

Retrieved from "http://www.itframeworks.org/wiki/Category:Access_Management"
Personal tools