Most of current work in the space of Identity Management is around “operational” identity management, i.e. systems and solutions providing security control points to be deployed within an IT infrastructure.
In addition, IdM solutions in the space of “compliance management” will also have to come to terms with the current shift towards “risk management”, where decision makers/CISOs/CIOs are more and more heavily scrutinising their security investments and making their investment bets based on priorities and actual risks.
I believe that an important “next step” in the Identity Management space is going to be towards “Identity Analytics” and related “Identity Risk Management”.
Here are a few interesting research questions in the “Identity Analytics” space:
- What are the basic principles that underpin and characterize enterprise’s identity & privacy management processes (and related human behaviors) and their impact on organizations?
- How to abstract them with models and ways to generate predictions (e.g. with simulation tools) that can be leveraged by decision makers/CISOs/CIOs?
- How to enable decision makers/CISOs/CIOs to better understand (in advance) the impact and implications of their decisions in terms of security risks, costs and potential losses, impact on reputation, etc.?
--- NOTE: use this mirror blog to post anonymous (un-authenticated) comments ---