StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Access and Event Management - Essay Example

Cite this document
Summary
Organizational information is critical for business competitiveness. This requires a carefully monitored access process. Employees should also be restricted from accessing some information in the organization. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.4% of users find it useful
Access and Event Management
Read Text Preview

Extract of sample "Access and Event Management"

? Access and Event Management Table of Contents Executive summary ………………………………………………………………………3 Introduction ………………………………………………………………………………3 Business challenges……………………………………………………………………….4 Directory Services…………………………………………………………………………5 Identity Life Cycle Management Services………………………………………………...5 Management services………………………………………………………………………6 Advantages of Access Management……………………………………………………….7 Disadvantages of Access Management…………………………………………………....8 Event Management……………………………………………………………………….. 8 Advantages of Event Management………………………………………………………..11 Disadvantages of Event Management…………………………………………………….12 Information Technology Infrastructure Library (ITIL)…………………………………..12 Advantages of ITIL……………………………………………………………………….13 Disadvantages due to lack of ITIL………………………………………………………...14 Conclusion…………………………………………………………………………………14 References…………………………………………………………………………………16 Access and Event Management Executive summary Organizational information is critical for business competitiveness. This requires a carefully monitored access process. Employees should also be restricted from accessing some information in the organization. This is enabled by installing authorization and authentication processes. Security measures imposed on information systems restrict unauthorized external access. Every access, function, or activity is documented. This information is stored in event logs. These logs are required by the law and also help the organization eliminate certain risks. The documentation provides a framework for easy restoration of systems when they fail. The organization can also use them as evidence against unauthorized access to the systems. ITIL is an automation infrastructure for information exchange and process management. Organizations can share information through this infrastructure. Introduction Access management refers to authorization of humans and privileges to a system within or across enterprise boundaries. Business organizations have information that requires protection against unauthorized access. Organizations set up policies that govern those who access information, and what levels they can access. For example, managers can access salary information about subordinate workers, but cannot access that of the chief executive. Companies and executives can grant access to external users for information about the organization. This access is important for knowledge sharing and managing available resources. Every access to information is documented in event logs. These logs keep records of all activities in the information systems. Failures are also documented and used by the system administrators to restore the system. Event logs are stored in servers, computers, and routers. Access management deals with authorization and authentication procedures set up by an organization. Event management is the way an organization keeps records of events regarding the information system. Automation refers to activities that take place without human intervention. The path taken by events from the source to the destination is called event flow. A file containing a list of events that have occurred is called an event log. These logs are stored in a log server or a computer. ITIL is an IT service management infrastructure. It helps in the automation of business processes. Business challenges Many organizations have shifted to using the internet for their business activities. This creates the challenge of maintaining flexibility and a secure environment. These businesses have to open their networks to customers and partners. The organization has to maintain the security of their assets and organization privacy. Organizations therefore need tools and security policies for efficient management. There is a lack of a centralized method to manage access accounts, which poses a security threat to resources. Organizations have to manage relationships with different employees, customers, and business partners. Employees require quick access to information for maximum productivity. Customers require web access for purchases and security for data and transaction confidentiality. Business partners require access to confidential information between them. The organization is therefore required to maintain an integrated identity and access management approach. This approach should involve both IT systems and web services. Content management through the web requires controlled access to information (Khosrowpour, 2005). Directory Services These services provide a central identity for I&AM solutions. They have a repository that contains information about user profiles, and passwords. The system contains directories, databases, and flat files. LDAP provides a standard for centralized storage and management of identity details. In some organizations, more than one directory is required. The directories can have one entry point. This enables centralized management of the existing directories. Metadirectories have been introduced for this purpose. They provide a view of isolated identity information stored in several locations in the world. The date values in each source are synchronized throughout the organization. They also provide access to both LDAP and non-LDAP directories. The organization can have heterogeneous infrastructures, which can be managed through the LDAP interface as stated by SANS (2005). Identity Life Cycle Management Services This is a process of modifying user attributes, entitlements, and their credentials. This is based on business policies and enterprise populations. These services include: provisioning, an administration process for digital identities. The identities modifications are also propagated to all applications. Delegated administration; some accounts are delegated management functions. This is utilized in partner accounts. Self-service administration; the user administers some of the attributes. Credential and password management; authentication and authorization keys are carefully administered using appropriate technologies and procedures. Provisioning services allow for the centralizing and automating the processes of managing user accounts and entitlement across multiple applications and directories. Provisioning must be in accordance to the operational procedures of an organization. Approval by the management is required for account creation and execution. The main steps involve registration, approval, and termination of accounts. Management services Authentication process is used to verify the identity of person’s or entities. Several techniques control authentication processes depending on resources to be protected. These techniques use integration of both software and hardware. The aim of access control software is keep guard of sensitive information. Software guards are inserted in applications for access decisions as stated by 2AB (2004). The authentication methods include user name and passwords, personal identification numbers, digital certificates, biometrics, smart cards, electronic passports, and hardware tokens. Single Sign On allows authorized users to access multiple resources by authenticating only once. The user has to remember only one password and once authenticated, the system updates the credentials to other resources. After authentication, the system performs authentication. This determines the user permissions to access certain resources and perform certain actions. The resources have security clearance levels to prevent unauthorized access (Kumar, 2011). Auditing is conducted to determine who accessed certain resources and at what time. The system has centralized logs to ensure the integrity of the auditing process. The end user is responsible for ensuring security for information daily according to Harold and Micki (2011). Over the years, many companies have produced several I&AM products. Microsoft has introduced Identity and Access Management Series, IBM with Tivoli, Bull Evidian with Access Master, Computer Associates with eTrust identity and Access Management Suite and many more. These products provide access management, provisioning, and user administration. The procedure of I&AM involves documenting the infrastructure, establishing security processes, determining relationships across the boundaries, and collecting current security policies. Advantages of Access Management I. They are scalable. The software packages can support more users. The organization can increase the number of partners, employees, and customers. More applications can also be added to the existing management package. II. The software packages provide an alternative to embedding the costly access policy. The application software allow for dynamic modification, testing, and deployment of changes without affecting the codes. III. The system simplifies and secures information. It ensures that the right people have access the information according to their access rights. This management is automated and there is no duplication of data. IV. Collaboration between organizations is possible. Identification of a user is propagated to other departments and business partners. The user can then access materials, and appropriate resources in the organization. Group membership is supported by the system. V. Shared management is possible. Identity information is consolidated. This allows different decision makers to access changes in the system through quick interaction. The resource owners are linked with the technology owners. VI. Access operations are transparent. There is a single point of management. The system keeps a system log for easy and transparent security auditing. The management can know who accessed what resources and at what time. VII. Organizations can share data globally. Users can log in through the internet and access data from any part of the world. Remote workers can perform their work after passing through the authentication and authorization process. Disadvantages of Access Management I. It requires new infrastructure for establishment. The I &AM process requires databases, software packages, directories, and network for full functionality. The databases store logs and directories, and the network interconnects work stations and database servers. II. The software packages are quite expensive to buy. The company has to purchase these packages from vendors, and business applications are quite expensive. III. Technical skills are required. Knowledge is necessary for installing the software and configuring the security procedures. IV. Users can be locked out of organization information in case they forget their passwords and usernames. Event Management Events are records stored in specific areas of a computer system. They are triggered by a user or an automatic background process. For example, installing new software generates several events detailing the installation. Web servers keep event logs related to user access. Firewalls and routers log events regarding allowed, denied, and unauthorized access. Files are used to store event logs. They can be transferred to a log server through the network. Filtering mechanisms are employed in event management applications. This identifies and classifies events produced by different sources. Corporations are legally bound to maintain and review log and event data. IT and audit staff have the responsibility of analyzing this data continuously. This analysis is essential in examining system failures and security breach. Events originate from the source up to the management and storage server. This process is called event flow according to IBM (2004). Continuous assessment by system administrators is essential for identifying risks to the system and take action before actual damage occurs. One of the main purposes for event management is legal compliance. The state has set laws such as HIPAA, GLBA, FISMA and PATRIOT Act, which require organizations to assess their internal control regularly. Audit and IT staff have to consider event logs as the primary source of log data. This data provides information and the audit process is in compliance with the law. The organization secures tamper-proof archives of the original event logs. This provides evidence of legal compliance. Organizations also provide physical documentation of the logs to indicate their control over resource access. Event logs leave a trail of activities in the system necessary for auditing as stated by Rinderle-Ma (2010).Some event management systems do not store all data while others allow for deletion of archives. This undermines the legal compliance efforts of an organization. Majority of the corporations rely on information management systems for running their business operations. Event monitoring is one process of ensuring security for information systems. Security breach can destroy information, leak out confidential information, destroy customer relations, and recovery can be expensive and time consuming. Event monitoring is one of the main security methods for information systems. Employee performance metrics measure employee utilization of resources against the rules and regulations. Key cards, PABX, and keyless access systems provide log information for employees. Monitoring access and telephone systems enables corporations to measure staff behaviour within the enterprise premises. Log information passed to log servers can be used to identify unusual activities according to Babbin (2006). These include unauthorized access, and other security breaches in the organization. Event management is used to assess the health of the system. System downtime leads to loss of revenue, customer attrition, and loss of reliability. Event logs can be utilized to identify the possible causes of system failure to speed up the restoration process. Hardware crush generates error events, which are used during the restoration process. These events produce a pattern used by administrators to spot future risks and employ appropriate preventive measures. Event logs also help during forensic investigation of dubious occurrences in the network. They provide evidence of certain events that might have caused damages to the company network. Access to the system is recorded for easy identification over several platforms. Filtering tools are used to separate breach logs from other types of event logs within the system. Event filtering is used during system management by real time tracking and classification of applications events. For example, event filtering can be incorporated in the Email system. This provides control over incoming mail. The emails can be ignored, stored, or forwarded to recipients. GFI Events Manager is a software package used by organizations to manage events within their premises. It provides web and mail security, back up, archives, networking security software, and other IT solutions for SME’s. These solutions are provided either on-premise or in the cloud or integration of both. It helps the IT team keep records of all events that occur in the enterprise. These events are stored in the archives and databases, and they can be easily retrieved. The software package provides security for the organization network and systems from unauthorized access. The organization can conduct business transactions over the web due to web and mail security services. However, event logs contain only sample behaviour and should not be considered complete. Some logs are too large and complex while others are too small and incomplete according to Daniel, Barkaoui, and Dustdar (2012). Advantages of Event Management Critical events are easily and automatically separated with normal traffic Real time and clear event logs help system administrators rectify system failure or security breach. Security practices and other events are documented to prove the regulatory compliance. Event management is automated and transparent. It occurs during the day and at night with minimal human intervention. An event management and log system can be leased from the service provider to the customers. This is cost effective since the organization can utilize the providers’ network infrastructure. Event management systems are scalable. They support several users and they can accommodate new users such as new employees or business partners. Through employee performance metrics, the management can monitor employee activities continuously. The system protects the organization from attacks and system failure. It also provides quick restoration guide through the event logs. Timely forensic investigation is possible. Disadvantages of Event Management Event management requires investment in data collection, analysis, and reporting system infrastructure. Technical workforce is required for designing the system, implementation and maintenance. Special skills are required to set up the system without disrupting the normal working condition of the IT department. Thousands of event logs are generated daily in an organization. Analyzing these events is cumbersome. Event logs are distributed. They are stored in several computers, servers, and other equipment making data analysis time consuming. The event filtering tools provided with the software have limited filtering capacities. Information Technology Infrastructure Library (ITIL) It provides the organization with a comprehensive set of guidelines for supporting service management in the business process. All service processes are linked together with the people, software applications, and process descriptions. It provides knowledge about challenges in IT management faced by organizations. ITIL is a structure through which an organization can learn how other organizations are dealing with certain IT challenges. IT is the key driver of business activities and an organization requires handling any shifts in technology effectively. By managing the IT process effectively, the organization can improve resource utilization, eliminate redundant work, improve deliverables, integrate processes, and increase competitiveness. ITIL provides a description of what must be included in IT Management to provide quality service. Most of these services are customer oriented (Gran, 2005). It is essential for management of processes, functions and roles. The management can know who did what, what time, and the outcome as explained by Farenden (2011). Advantages of ITIL It provides guidelines on how to implement certain IT solutions in an organization. These guidelines are also used during the rectification of certain IT solutions. There is reduction in operation cost. The organization reduces costs due to automation of the management process. For example, Proctor and Gamble have reported an 8% reduction of operation costs. The Service desk function provides customers with an interface for their contact with the organization. The company can reduce support costs. For example Ontario Justice Enterprise reduced support costs by 40%. ITIL reduces the response time for access and event management. Automation of the systems helps the management respond to certain incidents faster. The organization can reduce costs, shorten cycle times, and improve customer satisfaction through automation. An organization can contact other organizations for support during certain incidents such as security breaches. Improved business activities. These services are aligned with the core business activities for customer satisfaction. Problem analysis is faster. Event logs stored by the system are used in problem analysis. The organization can automate intangible resources such as knowledge management and business processes. Organizations increase their first level resolution rates. The infrastructure offers the organization with problem management services. Consistent and accurate use of resources. Disadvantages due to lack of ITIL The organization lacks an infrastructure for information sharing with other organizations. The staff has a hard time dealing with incidents. They require support staff for service desks. The organization incurs more expenses. These workers are also prone to human errors. It takes a lot of time for the system administrators to analyze event logs to determine the cause of certain incidents in the organization. The infrastructure provides documentation for implementing certain IT procedures. This assistance is not enjoyed by organizations without the infrastructure. Organizations take longer to carry out their business processes. Conclusion Information is the operational base of any organization. The management must enforce measures and policies to ensure their information is protected. Access management controls the kinds of people who can access certain information in the organization. The IT department issues employees with usernames, passwords, biometrics, and other authorization measures. Employees have limited or no access to information depending on the level of their authentication. Ordinary employees cannot access information regarding executive managers and directors. However, the chief executive can access all information in the organization. Information is also shared between business partners, and regulated access is required. System administrators can install software which provides a centralized access to the date base. This allows for easy management and tracking of those who access information. Event management involves keeping records about those who accessed information and systems in the organization. Event logs are stored in computers, servers, or routers containing process information. Changes in software or hardware are also documented. New software installations or introduction or removal of hardware is stored in event logs. This enables administrators to track down any problems that might cause a system failure. Unauthorized access is documented and the organization can use the logs as evidence during legal action. The law requires organizations to continuously keep event records about their systems. There are several software packages that can provide this documentation automatically. Details about access to information provide a trail in case it was a security breach or the information was tampered with. ITIL provides an infrastructure of information sharing between organizations. It creates a virtual service desk for customer services. This eliminates the need for support staff. This infrastructure allows for documentation of processes, functions, and roles that take place within the information system of an organization. It also speeds up reaction time when a problem arises. Every organization must put in place an access and event management system to ensure date security. There are several software packages that can be integrated into the IT department for these services. References 2AB. 2004. What is Access Management? Software Guards For Integrating Applications. Available at http://www.2ab.com/pdf/AccessManagement.pdf. [Accessed May 29, 2012]. Babbin, J. 2006. Security log management identifying patterns in the chaos. Rockland: Syngress. Daniel, F., Barkaoui, K., and Dustdar, S. 2012. Business process management workshops: BPM 2011 International Workshops, Clermont-Ferrand, France, August 29, 2011, Revised selected papers. Part I. Berlin: Springer. Farenden, P. 2011. ITIL for dummies. Oxford: Wiley-Blackwell. GFI. 2011. The need for effective event management. GFI White Paper, 1-9. Gran B, and Stationery Office. 2005. Introduction to ITIL. London: TSO. Harold, F.T., and Micki, K. N. 2011. Information Security Management Handbook. Vol 5. Taylor & Francis Group: Boca Raton. IBM. 2004. Event Management and Best Practices. International technical Support organization. Khosrowpour, M. 2005. Encyclopedia of information science and technology. Hershey, PA: Idea Group Reference. Kumar, A. 2011. Oracle Identity and Access Manager 11g for administrators administer Oracle Identity and Access Management : installation, configuration, and day-to-day t asks. Birmingham: Packt Pub. Rinderle-Ma, S. 2010. Business Process Management Workshops BPM 2009 International Workshops, Ulm, Germany, September 7, 2009, Revised Papers. Berlin: Springer. SANS Institute. 2005. Identity and Access Management Solution. InfoSec Reading Room, 1.4, 4 18. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Access and Event Management Essay Example | Topics and Well Written Essays - 2500 words”, n.d.)
Access and Event Management Essay Example | Topics and Well Written Essays - 2500 words. Retrieved from https://studentshare.org/management/1399312-access-and-event-management
(Access and Event Management Essay Example | Topics and Well Written Essays - 2500 Words)
Access and Event Management Essay Example | Topics and Well Written Essays - 2500 Words. https://studentshare.org/management/1399312-access-and-event-management.
“Access and Event Management Essay Example | Topics and Well Written Essays - 2500 Words”, n.d. https://studentshare.org/management/1399312-access-and-event-management.
  • Cited: 0 times

CHECK THESE SAMPLES OF Access and Event Management

CONFERENCE AND EVENT MANAGEMENT

An analysis of the Royal Brisbane Exhibition Show, more commonly known as EKKA, based from a more internal perspective by virtue of volunteering to attend and observe the event as an insider into the workings in terms of logistics, planning and related activities and issues… The following will serve as an analysis of issues in and around EKKA, from contribution to regional development, right down to the sustainability, pricing and risk management of the exhibition as a whole....
13 Pages (3250 words) Essay

The Roles of the Personnel Manager

People started banking on employees' domain knowledge for developing innovative new products and This change in attitude of the management gave rise to the concept of human resource management (HRM) through which personnel policies were implemented to maximize organizational integrity, employee commitment, flexibility and quality.... However, there have been debates whether HRM has actually changed the management of people as it evolved from personnel management to human resource management, or even whether the roles of the then personnel manager and that of an HR director differ....
6 Pages (1500 words) Essay

Authorization and Access Control

The paper "Authorization and access Control" highlights that authorization is the best way of accessing, maintaining, and inserting data in a particular database in a secured manner or when database and resources are to be communicated then security is very necessary that is provided by authorization.... After completion of the authentication process, the process of authorization is executed, which permits the user to access the required resources through which the user could be identified....
9 Pages (2250 words) Essay

Staging Festival Events Management Law

Additionally, central issues of importance in events management generally involve consideration of financial risk management, liability minimization, legal, environmental and access requirements, income generation, sponsorship and marketing, and event site management.... As such, the staging of a music festival can be commercially attractive however effective risk management is key to ensuring the festival event works; and as such, professionalism is imperative....
9 Pages (2250 words) Assignment

Digital Rights Management

ith all these issues taken into consideration, the Digital Rights management systems were invented and used by industries to protect their rights and to allow users safe access to their technologies and digital content.... igital Rights management refers to the access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to enforce limitations on the use of digital devices and contents.... he technologies of Digital Rights management prevent unauthorized copying, duplication and access of the digital media....
6 Pages (1500 words) Research Paper

Practical Approach To Management Of Event Operations

The paper "Practical Approach To Management Of Event Operations" discusses the importance of the event management and methods of control or administer all the factors related to any specific event.... An event management proposal comprises of those set of activities which are to be undertaken while planning that event.... But for the achievement of the task of making a perfect event proposal, the following are the factors which should be kept in mind by the event organizing committee:The first thing which will be properly considered is budget management....
16 Pages (4000 words) Essay

Operational and Management Factors that Influence Success in Event Management

The primary objective of this assignment is to develop an event management plan of hospitality contract for the Christmas event in the institution campus.... In order to deal with issues associated with the location of the Christmas event, the event management team will seek a prior consent from the management and authoritative committee of the institution regarding the use of LCUCK B6 for organizing the proposed Christmas event.... In addition, the event management committee will also be led by the managers with an agreement of each individual member in the group....
8 Pages (2000 words) Assignment

Londons Most Famous Events

Adequate and proper knowledge of adverse weather conditions, artists' and audiences' profiles, communication systems, method statements, risk assessments and contracts, infrastructural appropriateness, emergency planning, as well as other amenities to suffice the need of the professionals participating in events and audiences have also been a major concern to the authorities when formulating event management strategies.... Contextually, the common norms of event management indicate that the proper implementation of these issues will help in overcoming barriers to conduct events in an object-oriented manner (Holland-Moritz & Vandenhouten, 2013)....
8 Pages (2000 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us