Marco Casassa Mont - Web Page - HP Labs
Cloud & Security Lab
Identity Analytics Project
The Identity Analytics project is part of the Security Analytics project, at HP Labs, System Security Lab.
“Identity Analytics” consists of a set of approaches, techniques and methodologies to explain and predict the impact of investments in the space of Identity and Identity and Access Management (IAM) on aspects of relevance to decision makers (e.g. CIOs/CISOs), such as on security exposure/risks, (financial) costs, people behaviours, compliance, trust, reputation, effect on productivity and business (e.g. on business alignment and agility) etc., in well defined context and scenarios.
Our recent research and development in this space aims at exploring the Economics of IAM by eliciting decision makers' strategic preferences on strategic outcomes of relevance (e.g. security risks, productivity, compliance, costs, etc.), exploring trade-offs and the impact of potential options by using modelling and simulation techniques.
In this context, “Identity Analytics” aims at providing decision makers with decision support tools and services (based on modelling, simulation and analysis techniques) by factoring in the “levers” (e.g. acting on identity management technologies, automation & centralisation, education, other security investments, policies, etc.) they can act on and the consequences of their decisions (what-if analysis) along with exploring potential trade-offs (e.g. investing on identity automation vs. security patching and intrusion detection). The following picture shows the main aspects and factors involved in Identity Analytics:
The focus is at the business level. Key decision makers, such as CIOs/CISOs are targeted. Identity management is likely to be an area where even the experts have little intuitions as to how to invest for the best (security) outcomes. The complexity and tight relationship with business and compliance mean it will remain high priority for CIOs and CISOs. As such it is likely to be a high profile and rich problem area .
There are many research opportunities and challenges in this space: we believe that a rigorous, scientific approach is required, involving the usage of modelling and simulation techniques, coupled with the understanding of involved technologies and processes, human behaviours and economic aspects.
For more information and an overview of this project, have a look at the following HP Labs Technical Reports:
HPL-2010-35 Marco Casassa Mont, Adrian Baldwin, Simon Shiu, Paul Collins - Job Design: providing Strategic Decision Support for Risk Analysis and Policy Definitions, HPL-2010-35
HPL-2010-12 Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: A Case Study on Enterprise Business Services, HPL-2010-12
HPL-2010-11 Marco Casassa Mont, Yolanta Beres, David Pym, Simon Shiu - Economics of Identity and Access Management: Providing Decision Support for Investments, HPL-2010-11
HPL-2009-173 Adrian Baldwin, Marco Casassa Mont, David Pym, Simon Shiu - System Modelling for Economic Analysis of Security Investments: A Case Study in Identity and Access Management - HPL-2009-173
HPL-2009-142 Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu - Using Metrics Coupled with Predictive Modelling and Simulation to Assess Security Processes - HPL 2009-142
HPL-2009-138 Anna Squicciarini, Marco Casassa Mont, Sathya Dev Rajasekaran - Towards an Analytic Approach to Evaluate Enterprises' Risk Exposure to Social Networks - HPL-2009-138
HPL-2009-57 Marco Casassa Mont, Adrian Baldwin, Simon Shiu - Identity Analytics - User provisioning Case Study: Using Modelling and Simulation for Policy Decision Support - HPL-2009-57, 2009
HPL-2009-56 Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management - HPL-2009-56, 2009
HPL-2008-188 Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu, Yolanta Beres - Identity Analytics: Using Modeling and Simulation to Improve Data Security Decision Making- HPL-2008-188, 2008
HPL-2008-186 Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Towards Identity Analytics in Enterprises - HPL-2008-186, 2008
HPL-2008-84 Marco Casassa Mont, Adrian Baldwin, Simon Shiu - On Identity Analytics: Setting the Context, 2008
Marco Casassa Mont
Cloud & Security Lab
Long Down Avenue
Bristol, BS34 8QZ, UK