• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.001 ■ Fall 2023 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project

Question 1

November 9, 2023 by David Lanter 19 Comments

What is the difference between identity management and access management?

 

Filed Under: Unit 12: Identity Management and Access Control Tagged With:

Reader Interactions

Comments

  1. Ooreofeoluwa Koyejo says

    November 12, 2023 at 1:21 pm

    Identity Management (IDM) and Access Management (AM) are components of information systems that address distinct aspects of user governance.

    Identity Management concerns itself with the establishment and administration of user profiles within a system. This involves the creation, modification, and deactivation of user accounts, as well as the implementation of authentication mechanisms, such as passwords, biometrics, or multi-factor authentication.

    Conversely, Access Management (Authorization) which is a summation of user identity and predefined roles is fundamentally concerned with aligning and regulating user interactions with system resources after identities are established. Access privileges are configured for authorization through processes such as Role-Based Access Control (RBAC) i.e., aligning permissions with specific organizational roles. The formulation and enforcement of access policies play a pivotal role in dictating which users are granted access to particular resources and under what conditions.

    In essence, IDM concentrates on the establishment and administration of user identities, while AM is dedicated to the precise control of access privileges, collectively ensuring a comprehensive security framework that aligns user access with organizational policies and regulatory requirements.

    Log in to Reply
    • Celinemary Turner says

      November 13, 2023 at 9:09 pm

      Hi Ooreofeoluwa,
      I agree with Your description of Identity Management (IDM) and Access Management (AM) is accurate and provides a clear understanding of their respective roles within information systems.

      Log in to Reply
  2. Bo Wang says

    November 12, 2023 at 2:44 pm

    Identity management encompasses the broader processes of creating, maintaining, and retiring digital identities. It includes user provisioning, authentication, authorization, and identity synchronization. Access management is a subset of IDM and specifically focuses on controlling and managing user access to resources. It involves access control, authentication, Single Sign-On, and session management. Identity management deals with the overall management of digital identities, while Access management concentrates on regulating user access to specific resources.

    Log in to Reply
    • Yannick Rugamba says

      November 13, 2023 at 7:19 pm

      Hey Bo, I great explanation of Identity and Access Management! Just had a thought. It might be helpful to mention how these two processes are interconnected. Specifically highlighting the importance of Identity Management, for Access Management. It could also be beneficial to include a real-life example to further illustrate your point. Overall though I found your breakdown to be incredibly insightful!

      Log in to Reply
    • Celinemary Turner says

      November 13, 2023 at 9:24 pm

      Wang. i Agree with your comment ,it further emphasizes the comprehensive nature of Identity Management (IDM) and how it encompasses various processes related to digital identities

      Log in to Reply
    • Celinemary Turner says

      November 13, 2023 at 9:24 pm

      Wang. i Agree with your comment ,it further emphasizes the comprehensive nature of Identity Management (IDM) and how it encompasses various processes related to digital identities.

      Log in to Reply
    • Hashem Alsharif says

      November 16, 2023 at 9:31 pm

      Hi Bo, you did a good job distinguishing between the two. I agree with you that authentication is key to identity management, and Access management has a key element of managing user access to resources. One thing I do wonder however – are there any moments within a company where they would focus more on one over the other? I do recognize that both have a high level of importance but perhaps there are companies that have their infrastructure such in a way that they would solely focus on Identity management.

      Log in to Reply
  3. Yannick Rugamba says

    November 12, 2023 at 3:08 pm

    Identity Management involves the creation and validation of IDs, for individuals within a system to issuing digital ID cards. On the hand Access Management functions like a security guard who utilizes these IDs to determine which resources individuals are granted access to. Identity Management establishes an individual’s identity while Access Management governs their actions and permissions based on that identity. When combined these two practices guarantee that authorized individuals have access, within a digital setting.

    Log in to Reply
    • Celinemary Turner says

      November 13, 2023 at 9:44 pm

      Hi yannick,
      The combination of Identity Management and Access Management, as you point out, creates a robust system where authorized individuals have the necessary access within a digital setting.

      Log in to Reply
  4. Celinemary Turner says

    November 12, 2023 at 6:46 pm

    Identity Management focuses on the who (user identity), ensuring accuracy and consistency. At the same time, Access Management focuses on what (access to resources), emphasizing security and efficiency. Here are the key differences based on the defination, key components, objectives, and focus.
    Identity Management (IDM): A framework of policies and technologies ensures that the right people (or entities) have the appropriate access to resources in an organization’s digital environment.
    • Identity Synchronization: Ensures consistency of identity data across multiple systems and applications.
    • Password Management: Encompasses policies and tools for secure password creation, storage, and recovery.
    • Single Sign-On (SSO): Allows users to access multiple applications with a single set of credentials, enhancing user experience and security.
    • Accuracy and Consistency: Ensures accurate and consistent user identities across the organization’s systems.
    • Compliance: Supports regulatory compliance by managing and auditing user identity-related processes.
    • Identity Verification: Confirms the identity of individuals and ensures that their access rights are aligned with organizational policies.
    • Data Quality: Maintains high-quality and up-to-date identity data.
    Access Management (AM) defines and manages permissions to access specific resources and functionalities within an organization’s environment.
    • Authentication: Verifies the identity of users through credentials (e.g., passwords’
    determines the level of access and permissions a user has based on their authenticated identity.
    • Audit and Monitoring: Tracks and logs user activities to ensure compliance and identify security incidents.
    • Access Control Policies: Specifies the rules and conditions under which access is granted or denied.
    • Security: Ensures that only authorized individuals can access specific resources, protecting sensitive information.
    • Efficiency: Facilitates efficient access provisioning and de-provisioning to align with changing user roles and responsibilities.
    • Compliance: Enforces adherence to security policies and regulatory requirements related to access control.
    • Resource Protection: Safeguards organizational assets and data by controlling who can access them.
    • Permissions Management: Specifies the actions users can perform on resources and data.

    Log in to Reply
    • Bo Wang says

      November 13, 2023 at 9:29 pm

      I quite agree with your comment, both emphasize identity

      Log in to Reply
  5. Jon Stillwagon says

    November 12, 2023 at 8:24 pm

    The difference between identity management and access management is that identity management Is the authentication that is created such as a username or password to get into a service. Access management is the use of the username and password to let you in with whatever service you are trying to get into. People use access management to monitor access as a security practice for their services to help protect them from attackers. Access management is also used to control the authorized user’s access to the services they are trying to use. The use of identity management also lets you know what kind of device the person trying to access the service from with the username and password.

    Log in to Reply
    • Eyup Aslanbay says

      November 14, 2023 at 9:39 pm

      It’s insightful in highlighting how identity management handles user credentials, while access management uses these credentials to control access to services. This distinction is vital for understanding how these systems work together to enhance security and prevent unauthorized access.

      Log in to Reply
  6. Edge Kroll says

    November 12, 2023 at 9:30 pm

    Identity management and access management are closely related but each has its own distinctions. Identity management refers to the process of identifying, authenticating, and managing the digital identities of individuals or entities within a system. This involves creating and maintaining user profiles, ensuring the accuracy of user information, and managing the lifecycle of user identities, including provisioning and de-provisioning access.

    Conversely, access management focuses on controlling and regulating the permissions and privileges granted to authenticated users. It is concerned with defining and enforcing policies that determine what resources or data users are allowed to access and what actions they can perform once authenticated. Access management involves the implementation of mechanisms such as role-based access control (RBAC) and fine-grained access controls to ensure that users have the appropriate level of access based on their roles and responsibilities within an organization. Overall, identity management deals with the creation and maintenance of digital identities, while access management deals with the permissions and restrictions associated with those identities.

    Log in to Reply
    • Nicholas Nirenberg says

      November 14, 2023 at 12:27 pm

      I agree with the distinction between identity management and access management. Identity management involves identifying, authenticating, and managing digital identities, while in contrast access management focuses on controlling permissions and privileges for authenticated users, and enforcing policies like RBAC. This clear separation highlights the crucial roles both play in cybersecurity for safeguarding digital assets and maintaining a secure environment.

      Log in to Reply
  7. Hashem Alsharif says

    November 12, 2023 at 11:44 pm

    When looking at Identity management and Access management, it’s important to recognize that these play a separate function, in a way I like to put it, recognition and action.

    With Identity management, it’s main objective is to focus on the identification of an individual within an organization. This includes user authentication, password management, and user registration. This is why recognition is the first function in this process, By focusing on identification, the organizations system will be able to detect and differentiate between other users.

    In regards to Access Management, its objective is to regulate access based on the users identity. This means that after a user is identified, there is the second part, this part being access. This is important because it’s the key factor to ensuring that imperative information is only assessable by users who are allowed to use/see it. this is the action function.

    Log in to Reply
    • Edge Kroll says

      November 14, 2023 at 10:26 pm

      I completely agree with your distinction. Identity Management, as the recognition phase, focuses on identifying individuals through authentication and user registration. On the other hand, Access Management acts as the action phase, regulating access based on the recognized identity to ensure only authorized users can access sensitive information. The integration of these two functions is crucial for a cybersecurity framework, where recognition sets the foundation, and action ensures secure and authorized interactions within the digital ecosystem.

      Log in to Reply
  8. Nicholas Nirenberg says

    November 13, 2023 at 10:53 pm

    Identity management and access management are closely intertwined concepts in the realm of cybersecurity and information technology. Identity management involves establishing and overseeing user identities within a system, ensuring secure authentication through tasks like user provisioning and identity verification. On the other hand, access management focuses on governing and controlling the access that authenticated users have to resources and information. This includes processes such as authorization, permissions, and policy enforcement based on users’ roles. In essence, identity management deals with defining and managing user identities, while access management is concerned with regulating user actions within a system. Together, these processes play a crucial role in maintaining the security and integrity of digital systems.

    Log in to Reply
  9. Eyup Aslanbay says

    November 14, 2023 at 12:52 pm

    Identity Management is primarily concerned with identifying and managing users within a system, focusing on tasks like user registration, authentication, and profile management. It ensures that user identities are correctly and securely established and managed. Access Management deals with what authenticated users are allowed to do within the system. It involves authorizing and controlling user access to various resources, ensuring that users have appropriate permissions based on their roles and responsibilities. While Identity Management determines who someone is in the system, Access Management determines what that person can access and do.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in