| IdentityThe identity of a user is the information about them that distinguishes them as an individual and which verifies their status within the organization. By definition, the identity of a user is unique to that user. Since there are cases where two users share a common piece of information (e.g. they have the same name), identity is usually established using more than one piece of information, for example:
- Name
- Address
- Contact details, e.g. telephone, e-mail address, etc.
- Physical documentation, e.g. driver’s licence, passport, marriage certificate, etc.
- Numbers that refer to a document or an entry in a database, e.g. employee number, tax number, government identity number, driver’s licence number, etc.
- Biometric information, e.g. fingerprints, retinal images, voice recognition patterns, DNA, etc.
- Expiration date (if relevant).
A user identity is provided to anyone with a legitimate requirement to access IT services or organizational information. These could include:
- Employees
- Contractors
- Vendor staff (e.g. account managers, support personnel, etc.)
- Customers (especially when purchasing products or services over the Internet).
Most organizations will verify a user’s identity before they join the organization by requesting a subset of the above information. The more secure the organization, the more types of information are required and the more thoroughly they are checked.
Many organizations will be faced with the need to provide access rights to temporary or occasional staff or contractors/suppliers. The management of access to such personnel often proves problematic – closing access after use is often as difficult to manage, or more so, than providing access initially. Well-defined procedures between IT and HR should be established that include fail-safe checks that ensure access rights are removed immediately they are no longer justified or required.
When a user is granted access to an application, it should already have been established by the organization (usually the Human Resources or Security Department) that the user is who they say they are.
At this point, all that information is filed and the file is associated with a corporate identity, usually an employee or contractor number and an identity that can be used to access corporate resources and information, usually a user identity or ‘username’ and an associated password.
Date: 2014-12-29; view: 941
|