• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.001 ■ Fall 2024 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project

Question 1

November 6, 2024 by David Lanter 37 Comments

What is the difference between identity management and access management?

 

Filed Under: Unit 12: Identity Management and Access Control Tagged With:

Reader Interactions

Comments

  1. Justin Chen says

    November 6, 2024 at 5:59 pm

    Identity management focuses on establishing, storing, and managing digital identity of users. It involves the process of creating, updating, and deleting digital identities. Identity management ensures that users have their unique identifier (role, department, status, permissions…) and that their attributes are accurately recorded and stored.

    Access management focuses more on controlling and managing what resources (tools, area, devices, information…) a user in the organization is authorized to see, use or access. Access management usually utilize security policies or technics such as role-based access control (RBAC) to ensure individuals have access to only those they’re authorized to have actions on.

    Simply speaking, identity management, in essence, manages “who you are” while access management answers “what can you access”.

    Log in to Reply
    • Steven Lin says

      November 12, 2024 at 12:41 pm

      Hi Justin, that was great for pointing out why it’s important to separate identity and access management concerning regulatory compliance and tracking of user permissions. One question I have is how you think businesses might handle dynamic roles or temporary access needs within this framework. For example, how does this view on identity and access management adapt when dealing with contractors or rotating employees, where you need flexible permissions? It’d be interesting to see how these systems manage when access changes frequently, all the while maintaining security and compliance.

      Log in to Reply
      • Justin Chen says

        November 12, 2024 at 4:46 pm

        Hi Steven,
        That’s a great question! Business sometimes have to employees with special or multiple privileges which could be a challenge to the IDM and AM. I looked up online and found Just-in-Time (JIT) Access, which grants time-limited permissions for contractors or rotating employees, automatically revoking access afterward. For compliance of regs and law, automated access reviews would potentially comes in handy . There are a lot more different methods but I think these two address your question the best.

        Log in to Reply
    • Haozhe Zhang says

      November 12, 2024 at 11:50 pm

      Hey Justin
      You’ve provided a clear and accurate summary! Identity management focuses on defining and managing users’ identities, while access management governs what those users are allowed to access. In short, identity management defines “who you are,” and access management determines “what you can access.”

      Log in to Reply
  2. Jocque Sims says

    November 8, 2024 at 10:46 am

    Identity management primarily focuses on ensuring that only authorized individuals have access to the technical resources necessary for performing their job functions. This process entails authenticating users through various policies and techniques, which include managing user access rights and implementing identity-based restrictions. The objective is to accurately identify, verify, and authorize individuals, groups, or software applications. Effective identity management systems can prevent unauthorized access to systems and resources, help safeguard sensitive or protected data from leakage, and trigger alerts when unauthorized personnel or applications—whether external or internal to the organization—attempt to gain access.

    On the other hand, access management specifically addresses the authorization aspect, determining who is permitted to access specific resources or databases at any given time. This involves controlling the allocation of access rights to information systems and services, restricting user access to certain information, and limiting specific functions based on user identity and their defined group affiliation. The access management system oversees portal access through login pages and protocols, ensuring that any user requesting access has the appropriate permissions.

    Log in to Reply
    • Sara Sawant says

      November 11, 2024 at 8:11 pm

      Hi Jocque,
      Your explanation is spot-on. I’d just add that identity management handles user identification and authentication, ensuring only authorized users are recognized, while access management controls what resources those users can access based on their identity and permissions. Identity management focuses on the lifecycle of user accounts, while access management dynamically enforces access controls to secure resources. Together, they ensure that users can only access what they’re authorized to, preventing unauthorized access.

      Log in to Reply
      • Jocque Sims says

        November 12, 2024 at 10:35 pm

        Good evening Sara,

        That’s a great addition! I also agree that focusing on the lifecycle of user accounts is essential for identity management (IM). I faintly recall brainstorming this concept. It seems it didn’t make it into the final draft of my post. You made a good observation—great catch!

        Log in to Reply
  3. Sara Sawant says

    November 8, 2024 at 11:34 am

    Identity management refers to the processes, methods, and policies for creating, protecting, and validating user identities across many platforms. It focuses on secure personal information management, accurate identification, and protection against dangers such as identity theft. To protect security and privacy, identity management systems allow companies to certify a user’s authenticity without exposing their entire identity.
    In contrast, access management establishes what authenticated users are permitted to perform after their identity has been confirmed. A fundamental part of data protection in privacy frameworks, Access management systems grant, limit, or revoke permissions based on security policies, protecting resources by restricting unauthorized actions.

    To summarize, the primary focus of identity management is user authentication, whereas the primary focus of access management is authorization, the control of the authorized user’s system access.

    Log in to Reply
    • Parth Tyagi says

      November 12, 2024 at 7:48 pm

      Great answer! However I would like to add that imo identity management is a subset function of access management. Identity management can be managed/operated through the Active Directory (AD). Having proper AD integration with business applications can enable effective access management (through roles/attributes) centrally. In short, having a supportive and robust identity management is key to effective Access Management.

      Log in to Reply
  4. Steven Lin says

    November 8, 2024 at 9:05 pm

    Identity management and access management play distinct but complementary roles in digital security. Identity management is foundational in that it concerns creating, managing, and verifying the digital identity of each user. This process confirms the presence of each user correctly within the system, generally through an authentication method like passwords, biometrics, and positional data. Identity management systems, whether they be centralized, federated, or user-centric, guarantee verifiable identities securely to support trusted interactions in the digital space. For example, in user-centric models, they can have even more say as to when and whether to release their identity information, adding much respect for privacy and personal ownership of data.

    Whereas authentication confirms identity, access management is the gatekeeper that dictates what the authenticated user can and cannot do within the system. Once the identity of the user is provided by the access management, it enforces a set of permissions determining what resources or data the user can access, based on the user’s role and organizational policy. It enables ancillary tools such as Single Sign-On, which facilitates seamless access across many systems, and multi-factor authentication, which adds another layer of security. Federated identity models mean users can utilize a single verified identity across various trusted providers to access resources from other providers, thereby creating a seamless interaction between providers without sacrificing strong security controls. Together, identity and access management create a structured framework to lock down not only who the user is but also what they can access within a given digital environment.

    Log in to Reply
  5. Lili Zhang says

    November 9, 2024 at 7:19 am

    Identity Management and Access Management play distinct but complementary roles in digital security. Identity management focuses on establishing, storing, and managing digital identities. This process includes creating, updating, and deleting identities, ensuring each user has a unique identifier (such as role, department, or permissions) and accurately recording their attributes. Identity management systems authenticate and verify user identities, preventing unauthorized access and protecting sensitive or protected data. When unauthorized access attempts occur, these systems can also trigger alerts.

    In contrast, access management specifically deals with authorization, determining who has the right to access particular resources or systems. Using methods like Role-Based Access Control (RBAC), access management ensures that users only access resources they are authorized to interact with. Through login pages and access protocols, it plays a vital role in data protection, controlling, restricting, or revoking permissions to prevent unauthorized actions.

    Log in to Reply
    • Rohith says

      November 12, 2024 at 11:59 am

      Great points Lily, I would like add that both identity and access management are intertwined, A well streamlined IAM can smoothen the user provisioning and de-provisioning and access management process. This integration can effectively improve operational efficiency and enhance security.

      Log in to Reply
  6. Lily Li says

    November 9, 2024 at 9:31 pm

    Identity management is the process of representing, using, maintaining, deprovisioning and authenticating entities as digital entities in computer networks. On the other hand, access management controls the decision to allow or block users from accessing a database. The main difference between identity management and access management is that identity management is more concerned with verifying who is trying to access the resource while access management focuses on what resources each identity can access. Identity management and access management work together to keep an organization’s data secure. Identity management checks a login against an identity management database, this database has a ongoing record of everyone who should have access to the database. Access management will then keep track of all the databases the individual has access too and then grant or deny access.

    Log in to Reply
    • Aaroush Bhanot says

      November 12, 2024 at 8:49 pm

      Hi Lily,

      Your comment effectively highlights the core distinctions and collaborative nature of identity management (IdM) and access management (AM). To build on this, it’s important to consider the evolving technologies and strategies within these areas. IdM has advanced beyond basic user verification to include features like multi-factor authentication (MFA) and biometric identification, enhancing security through layered verification. Meanwhile, AM has seen innovations such as role-based access control (RBAC) and attribute-based access control (ABAC), enabling more precise, context-aware access decisions that adhere to the principle of least privilege. A critical aspect to explore is how continuous authentication and AI-driven anomaly detection can support ongoing identity verification even after login, thus bridging the gap between IdM and AM. How can organizations strike a balance between robust security and user convenience in IdM and AM system?

      Log in to Reply
  7. Clement Tetteh-Kpakpah says

    November 9, 2024 at 10:05 pm

    Identity management is a process that entails creating, managing, and maintaining digital identities. This process ensures that throughout the lifecycle of digital identities, verification and authentication of users are done to ensure the personal information, credentials, and roles are rightly managed. On the other hand, access management is the process of controlling and managing the access rights and permissions to various applications, systems, and data upon confirmation of the user identity. It entails authorizing and enforcing policies about who can access what resources and under what conditions.

    Log in to Reply
    • Sarah Maher says

      November 12, 2024 at 6:23 pm

      Hi!
      You’re right that identity management is all about keeping track of who people are online and making sure their information stays confidential and accurate, adn that access management is super important for making sure only the right people can see or use certain data, or systems. Together, these two processes are key for protecting people nad companies’ information. I’d also add that by managing identities and access well, companies can save time, money, and reduce the risk of unauthorized access.

      Log in to Reply
      • Clement Tetteh-Kpakpah says

        November 12, 2024 at 8:16 pm

        Hello Sarah,
        I greatly agree to the fact that companies tend to save a lot of resources in the form of time, money, and also stand the chance to minimize the risk of unauthorized access to their IT system when they properly practice identity management and access management.

        Log in to Reply
  8. Daniel Akoto-Bamfo says

    November 9, 2024 at 11:56 pm

    Identity management encompasses the comprehensive oversight of user identities within an organization, focusing on their attributes and the entire lifecycle of each identity. This essential process ensures that only the appropriate individuals have access to the necessary credentials and attributes for their specific roles. By diligently managing this aspect, organizations can significantly enhance their security while also empowering users to engage effectively with the resources crucial for their productivity and success. Ultimately, this not only improves operational efficiency but also cultivates a secure and empowering workplace environment.

    On the other hand, access management is a critical aspect of information security that focuses on regulating and overseeing how individuals gain access to various resources within an organization. This process relies on accurately authenticated identities to determine who is allowed entry. By implementing access management, organizations ensure that users can only interact with the resources they are explicitly authorized to access, based on their specific roles and permissions. This system not only protects sensitive information but also maintains operational integrity by preventing unauthorized access and ensuring compliance with regulatory requirements.

    Log in to Reply
    • Yash Mane says

      November 12, 2024 at 9:00 pm

      Hi Daniel,
      I agree with your explanation of identity and access management. Identity management indeed focuses on the entire lifecycle of a user’s identity within an organization, which is vital for ensuring that users only have the credentials they need for their roles. I like how you highlighted that this enhances both security and productivity—it’s crucial for balancing operational efficiency with strong security measures. Your points on access management are also well-stated; access management indeed ensures that each user interacts only with the resources they are permitted to access, safeguarding sensitive information and maintaining compliance. Both processes work hand-in-hand to create a secure and efficient environment, which is essential for protecting organizational assets.

      Log in to Reply
  9. Sarah Maher says

    November 10, 2024 at 10:51 am

    Identity management and access management is a who vs what. Identity management includes representing who the user is and maintaining and authenticating that representation. The elements of identity management include, privacy (“the right to be let alone”) and user-centric identity management. There have to be tradeoffs/balancing of efficiency and security for identity management on the user end.

    Access management is what a user can/is authorized to see. Over time the goal is to to simplify user experience while strengthening authentication. Stronger authentication is a huge aspect of access management, to ensure that only authorized users gain access to specific resources.

    Identity management and access management go hand in hand, because access management and authentication relies on strong identity management.

    Log in to Reply
    • Clement Tetteh-Kpakpah says

      November 12, 2024 at 8:09 pm

      Hi Sarah,
      Thanks for this great response and I do agree with you line of thought in the sense that Identity management truly addresses the question of who the user is, and it involves user creation, authentication, and identity lifecycle management. It checks that users are correctly verified, and their identities are secure. Access management refers to what users can have access to after they have been authenticated. This would majorly be based on policies that could take an easily adaptable role-based or attribute-based access control form to determine the level of access. This should, therefore, employ a strong authentication system, such as multi-factor authentication. Put together, they will form one full IAM system wherein user identities are secured through controlled access to sensitive resources.

      Log in to Reply
    • Lili Zhang says

      November 13, 2024 at 9:15 am

      Hi Sarah, I completely agree with your distinction between identity and access management. I’d like to add that the challenge often lies in integrating both systems seamlessly. Organizations need to balance not only efficiency and security but also user experience. This can involve adopting technologies like single sign-on (SSO) and multi-factor authentication (MFA) to enhance both identity verification and access control.

      Log in to Reply
  10. Rohith says

    November 10, 2024 at 12:08 pm

    Identity management and access management are closely related but differ in the in the field of information security.
    Identity management focuses on management of digital identities and their attributes, Identity management involves processes such as :-
    Provisioning which includes creation, modification and deletion of new or existing IDs.
    Authentication: Verifying user identities.
    Authorization: Determining user access rights.
    Single Sign-On: Enabling single login for multiple applications.
    Password Management: Enforcing strong password techniques

    On the Other hand Access management, which mainly focuses on access, It is the Process of controlling and monitoring access to the data. It ensures that only authorized individuals have the necessary permissions to perform specific tasks and access specific information. Processes are
    Request and Approval: Users request access, which is evaluated and approved.
    Provisioning and De-provisioning: Creating and revoking access rights.
    Review: Regularly reviewing and verifying access rights.
    Role-Based Access Control: Assigning permissions based on roles.

    Log in to Reply
    • Elias Johnston says

      November 12, 2024 at 11:15 pm

      Hi Rohith,

      I think you did a great job on your post, including the processes was a very nice feature and it definitely adds a lot more insight into the differences between identity and access management. You mentioned regular review of access management rights. How often do you think those rights should be reviewed? Is that a weekly, monthly, or semi-annual chore? Great post!

      Log in to Reply
  11. Yash Mane says

    November 10, 2024 at 7:01 pm

    Within security, identity management and access management are two different but complimentary domains.
    Establishing and confirming user identities is the main goal of identity management. To make sure the right person is using the system, it entails establishing, preserving, and authenticating a user’s digital identity. In order to prevent identity theft and preserve user privacy, identity management procedures such as user registration and authentication verify that users are who they say they are.

    What authorized users can perform inside the system is managed by access management. Access management establishes what resources or data a person may access depending on their job or degree of privilege after confirming their identification. This guarantees that users only have access to the data they need and prevents unwanted access.

    Identity management essentially responds to the question, “Who is this user?” whereas “What can this user do?” is the response from access management. Both are essential for keeping online systems private and safe.

    Log in to Reply
    • Parth Tyagi says

      November 12, 2024 at 7:37 pm

      Hi Yash,

      Very nicely formulated answer! I would like to bring to your notice another concept called Identity Federation. a system that allows users to access multiple applications and resources with a single set of credentials. It works by linking a user’s identity across multiple identity management systems. Identity federation works as a bridge between identity management and access management, increasing efficiency and technical integration in both processes.

      Log in to Reply
    • Charles Lemon says

      November 12, 2024 at 10:17 pm

      I concur with your assessment that identity management and access management are complementary yet distinct areas within security. Your description of identity management as centering on the verification and authentication of a user’s identity is accurate, and you also highlight an important aspect regarding how this procedure aids in preventing identity theft and safeguarding privacy. Likewise, your explanation of access management effectively illustrates that it involves limiting users’ actions according to their roles or permissions in the system. I value how you encapsulated the relationship between the two, with identity management addressing “Who is this user?” and access management addressing “What actions can this user perform?” This differentiation is essential for upholding strong security, as both elements collaborate to guarantee that only permitted users can access the relevant resources. Your post emphasizes the crucial functions both serve in safeguarding sensitive information and maintaining operational security.

      Log in to Reply
  12. Elias Johnston says

    November 10, 2024 at 10:31 pm

    The difference between Identity Management and Access Management is separated by the goal of each process. Identity Management aims to authenticate and manage user identity in hopes of ensuring that the user is who they say they are. The main goal of Identity Management is to verify the user and prevent identity fraud. Access Management is about defending an area and allowing only select individuals with proper clearances from accessing that area. By granting/restricting access to certain areas, Access Management offers protection and security for systems. Identity and Access Management work in tandem verify and secure access to vital systems.

    Log in to Reply
    • Daniel Akoto-Bamfo says

      November 12, 2024 at 8:28 pm

      Hi Elias,
      Nice work with your submission. Your explanation of the goal of identity management and access management was clear and comprehensible. I found how you portrayed these two functions operating together to be insightful, emphasizing the practical significance of implementing both identity and access management effectively.

      Log in to Reply
  13. Aaroush Bhanot says

    November 10, 2024 at 11:03 pm

    Identity Management (IdM) and Access Management (AM) are related but distinct aspects of security systems dealing with user identity and system permissions.

    Identity Management refers to the processes and technologies used to manage and maintain user identities, their attributes, and the lifecycle of identities within an organization. It focuses on authenticating and verifying users’ identities, ensuring the right individuals are recognized across various systems. The goal of identity management is to ensure that the correct user identity is established and maintained securely over time. Identity Management is about identifying and verifying users, managing user identity data, and ensuring that these processes are secure.

    Access Management refers to the authorization of user activities and decisions about what authenticated users are allowed to do within a system. It operates once identity management confirms who the user is and determines the level of access or permissions they have.The goal of access management is to ensure that users have the appropriate level of access to resources, preventing unauthorized access to sensitive data and systems. Access Management builds on that verification, controlling what those identified users are allowed to do within a system or network.

    Log in to Reply
    • Lily Li says

      November 12, 2024 at 2:59 pm

      Hi Aaroush,

      Great post! You provided some great examples on the difference between identity management and access management. I like how you highlighted how identity management is about establishing ‘who’ the user is, while access management ensures they only access resources that they are permitted to. Effective IdM and AM processes help maintain security without creating excessive complexity for users.

      Log in to Reply
    • Haozhe Zhang says

      November 12, 2024 at 11:54 pm

      Hey Aaroush
      I like the elaboration you provided regarding IdM and AM. However, there are a lot of challenges to the actual deployment of such systems. For IdM, maintaining accurate and current information on users in all systems is not easy. That is especially so when the organizations are growing dynamically-and all that simultaneously. That typically requires labor-intensive integrations and resources to share real-time data securely.
      The success of AM lies in its ability to balance security and convenience for the user. It is as tricky to define roles and permissions as it is in RBAC, because mismanagement leads to either too much access, which raises security risks, or very limited access, which can be counterproductive to productivity.
      What strategies or tools do you consider most helpful in enhancing IAM efficiency and security?

      Log in to Reply
  14. Charles Lemon says

    November 10, 2024 at 11:16 pm

    Identity management (IDM) and access management (AM) are interrelated concepts, yet they fulfill different roles in the fields of cybersecurity and IT governance.

    Identity management primarily emphasizes the lifecycle of user identities in an organization. This includes creating, managing, and removing user profiles while ensuring that every identity is accurately verified and associated with the right person or organization. IDM encompasses activities like onboarding and offboarding staff, assigning positions, and overseeing credentials. It guarantees that only permitted users are present in the system and that their personal and professional information is correct and current.

    Conversely, access management regulates how and when verified users can reach certain resources or applications. While IDM verifies the identity correctly, AM regulates the permissions and privileges assigned to that identity. It implements regulations that define which resources a user can utilize, how they may engage with those resources, and the circumstances involved. AM generally includes role-based access control (RBAC), multi-factor authentication (MFA), and authorization policies to manage access.

    In summary, identity management focuses on handling a user’s identity, whereas access management deals with regulating what a user is permitted to do after their identity is confirmed. Both are crucial for safeguarding IT environments, with IDM guaranteeing user identity integrity and AM making sure those identities receive the correct access level.

    Log in to Reply
  15. Parth Tyagi says

    November 10, 2024 at 11:53 pm

    Identity management and access management are two related but distinct parts of security based on their origins. Identity management focuses on verifying “who” someone is within a system, ensuring each user has a unique digital identity. It involves processes like creating, updating, and deleting user profiles.

    Access management, on the other hand, controls “what” that identity can do, aka what we call authorization, access management enables that! It enforces permissions based on the verified identity, dictating what resources users can access, such as files, systems, or applications. Together, identity and access management (IAM) work to ensure that only the right individuals have the right access at the right times.

    Log in to Reply
    • Haozhe Zhang says

      November 12, 2024 at 11:55 pm

      Hey Parth
      You’ve outlined the core roles of identity and access management (IAM) very well. Identity management is all about establishing and verifying a unique digital identity for each user, while access management focuses on authorizing what those identities can access. Together, they form a comprehensive security approach to ensure users only have access to what they need, when they need it. How do you think IAM can evolve to address emerging security challenges, especially with the rise of remote work and cloud-based systems?

      Log in to Reply
  16. Haozhe Zhang says

    November 11, 2024 at 12:01 am

    Identity management and access management are complementary in nature with respect to an organization’s security framework. Identity management deals with the authentication and maintenance of user identities, ensuring that every subject in the system has a unique and authentic identity. It would further deal with creating, storing, and handling user credentials, such as username and password among other forms of identity attributes, safely. Access management, on one hand, regulates what identified users can access on the system. It controls access by setting constraints on users, allowing them to access only the information and resources they have permission to use. Very often, it is accomplished with role-based access control tools. In general, identity and access management ensure that the right people have access to the right resources, thereby enhancing security and reducing the likelihood of a potential risk.

    Log in to Reply
  17. Rohith says

    November 12, 2024 at 11:59 am

    Great points Lily, I would like add that both identity and access management are intertwined, A well streamlined IAM can smoothen the user provisioning and de-provisioning and access management process. This integration can effectively improve operational efficiency and enhance security.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in