Free Analyst Identity And Access Management Course (6Months)

Analyst Identity And Access Management

Analyst Identity And Access Management:

Analyst Identity and Access Mangement (IdAM): In the IT-ITeS Industry the roles of IdAM Provisioner and IdAM Reconciler could be different or merged with Administrator IdAM. An Analyst IdAM will be able to perform all three of the roles mentioned.

Brief Job Description: This job role is responsible for implementing, maintaining, provisioning and reconciling identity and access to information technology and data.

Personal Attributes: This job may require the individual to work independently
and take decisions for his/her own area of work as well as be a team player. The individual should have a high level of analytical thinking ability, passion for information security and attention for detail. Should be ethical, compliance and result oriented, should also be able to demonstrate interpersonal skills, along with willingness to undertake desk-based job with long working hours.
Introduction

Implement and maintain identity and access management solutions in line with organizational policies and standards:

Performance Criteria

be competent, you must be able to:
PC1. receive specifications and organisational policy and standards for information technology and data related identity and access management from authorised sources
PC2. Identify, access and apply identity and access management tools and methods across the SDLC lifecycle
PC3. define user roles and access controls necessary for application usage and data access in line with organisational policies
PC4. provide logical physical access as per Security Policy
PC5. configure and implement custom extensions to identity and access management security tools in order to meet organisational requirements
PC6. implement account provisioning processes to ensure that user account creation and access to software and data is consistent, simple to administer and in line with organisational policies and standards
PC7. implement authentication mechanisms as per specifications
PC8. incorporate identity and access management program controls in all relevant system in co-ordination with application owners
PC9. implement upgrades and manage patch status for identity and access management systems in line with organisational standards
PC10. implement local network usage policies and procedures
PC11. install and configure middleware for the solution in Application Server and Database layer, as per specifications
PC12. install server files, updates, and enhancements as per specifications
PC13. manage server resources including performance, capacity, availability serviceability, and recoverability
PC14. maintain identity and access management services in line with organisational needs
PC15. maintain baseline system security according to organizational policies
PC16. monitor and maintain server configuration
PC17. administer fixes, patches, & recovery procedures specified in the event of a security breach
PC18. customize identity and access management solutions as per requirement specified by authorised personnel
PC19. assist with identity and access management integration across systems and applications to meet business requirements
PC20. complete own assigned tasks and activities to defined standards and timelines
PC21. complete monthly reporting dashboard for the monitoring and continual improvement of the Identity and Access Management program
PC22. perform documentation of activities performed with all relevant details for compliance
PC23. correctly follow and apply the policies and standards relating to information security identity and access management activities
PC24. ensure that customer needs are met to service level agreement
PC25. meet time and quality commitments as per organisational performance standards

. Organizational
Context
You need to know and understand:
KA1. relevant legislation, standards, policies, and procedures followed in the company
KA2. organization’s knowledge base and how to access and update this
KA3. limits of your role and responsibilities and who to seek guidance from
KA4. the organizational systems, procedures and tasks/checklists within the domain and how to use these
KA5. Organizational hierarchy and management structure
KA6. Basics of HR systems and ERP in the organization
KA7. how to engage with both internal and external specialists for support in order to resolve incidents and service requests
KA8. service request procedures, tools, and techniques
KA9. the operating procedures that are applicable to the system(s) being used
KA10. typical response times and service times related to own work area
KA11. standard tools and templates available and how to use these

Technical
Knowledge
You need to know and understand:
KB1. basic cyber security concepts
KB2. how vulnerabilities can be identified and resolved
KB3. what is meant by identity and access management and how to implement it
KB4. the organizational structure and management processes for identities of employees, contractors, customers and other constituents
KB5. the organizational polices and standards that are used for identity and access management and how to apply them
KB6. the main features of an identity and access management system that facilitates the management of electronic identities and access privileges
KB7. range of supporting technologies and protocols relevant to identity and access management
KB8. Convergence of physical and logical systems with respect to identity and access control
KB9. the range of tools, software and techniques that are used for identity and access management and how to apply them
KB10. end-to-end identity lifecycle management
KB11. user account provisioning and workflow processes
KB12. risk profiling
KB13. processes for authentication, authorization and entitlement to access different systems and data across an organization
KB14. various aspects of Active Directory, Exchange, file share, SharePoint, custom applications, and remote access issues
KB15. federated solutions and privileged identity management
KB16. delegated administration, provisioning
KB17. service oriented architecture (SOA)
KB18. processes for database access to specific datasets and data security and privacy concerns
KB19. interpretation of IdAM policy with respect to management of electronic identities and access privileges
KB20. the underlying database structure that is used in information systems access privileges is in order to successfully manage identities and access.
KB21. what the organizational security architecture is and how to apply this
KB22. the need to ensure that identity and access management operations align to changing business needs
KB23. the need to modify access controls in line with employees changing responsibilities, including removal of access when no longer required

KB24. the importance of monitoring access controls in relation to regulatory compliance requirements
KB25. how to identify possible future requirements for the identity and access
KB26. the basic functionalities of the applications, hardware and/or access rights that are used by the customers
KB27. best practices and new technological developments in identity and access management security
KB28. basics of mobile access and identity security and cloud access and identity security

Writing Skills
You need to know and understand how to:
SA1. complete accurate well written work with attention to detail
SA2. document call logs, reports, task lists, and schedules with co-workers
SA3. prepare status and progress reports
SA4. log calls and raise tickets in the SIEM tool, providing proper indicators and descriptions as required
SA5. write memos and e-mail to customers, co-workers, and vendors to provide them with work updates and to request appropriate information without English language errors regarding grammar or sentence construct and following professional etiquettes

Reading Skills
You need to know and understand how to:
SA6. read about new products and services with reference to the organization and also from external forums such as websites and blogs
SA7. keep abreast with the latest knowledge by reading brochures, pamphlets, and product information sheets
SA8. read comments, suggestions, and responses to Frequently Asked Questions (FAQs) posted on the helpdesk portal
SA9. read policy manual, standard operating procedures and service level agreements relevant to work area
SA10. read emails received from own team, across team and external vendors and clients

Oral Communication (Listening and Speaking skills)
You need to know and understand how to:
SA11. discuss task lists, schedules, and work-loads with co-workers
SA12. give clear instructions to specialists/vendors/users/clients as required
SA13. keep stakeholders informed about progress SA14. avoid using jargon, slang or acronyms when communicating with a customer, unless it is required
SA15. receive and make phone calls, including call forward, call hold, and call mute
B. Professional Skills
Decision Making
You need to know and understand how to:
SB1. follow rule-based decision-making processes
SB2. make a decision on a suitable course of action
Plan and Organize
You need to know and understand how to:
SB3. plan and organize your work to achieve targets and deadlines
Customer Centricity
You need to know and understand how to:
SB4. Identify internal or external customer requirement and priorities clearly with respect to work at hand
SB5. carry out rule-based transactions in line with customer-specific guidelines, procedures, rules and service level agreements
SB6. check that your own and/or your peers work meets customer requirements
Problem Solving
You need to know and understand how to:
SB7. apply problem-solving approaches in different situations
SB8. seek clarification on problems from others
Analytical Thinking
You need to know and understand how to:
SB9. analyze data and activities
SB10. configure data and disseminate relevant information to others
SB11. pass on relevant information to others
Critical Thinking
You need to know and understand how to:
SB12. provide opinions on work in a detailed and constructive way
SB13. apply balanced judgments to different situations
Attention to Detail
You need to know and understand how to:
SB14. check your work is complete and free from errors
Team Working
You need to know and understand how to:
SB15. work effectively in a team environment
SB16. work independently and collaboratively

Technical Skills
You need to know and understand how to:
SC1. implement multiple authentication techniques
SC2. customize the identity and access management system to align to business processes and the security architecture
SC3. analyse and modify the underlying database structure that is used in information systems access privileges
SC4. operate console of security information and event management tools (SIEM)
SC5. work on various operating system
SC6. Work with word processers, spreadsheets and presentations
SC7. Stay abreast of the latest developments in terms of industry standards and information security tools and techniques

Best Answer to the Question - Where Do You See Yourself in 5 Years?

Provision access rights at the computing system for users and resources:

Performance Criteria

PC1. create, modify and delete identity and standard profiles as per organisational policy on the identity manager software for users, systems and computers
PC2. create standard profiles for groups of users as per organisational policy
PC3. receive user access requests in specified formats with due authorisations
PC4. create and modify, delete system access IDs for various systems
PC5. ensure adherence to laid out procedures to add, transfer, or delete an employee’s accessibility to information resources
PC6. assign appropriate user permissions and logical physical access as per specifications and in line with identity and access control policies
PC7. ensure proper permissions are enforced on user directories, distribution lists, mailboxes, folders, and files too
PC8. provide guidance on user profiles to immediate colleagues
PC9. manage accounts, network rights, and access to systems and equipment
PC10. process access requests according to standard operating procedures and service level commitments
PC11. ensure that internal and external customer needs are met to service level agreement
PC12. meet time and quality commitments as per organisational performance standards
PC13. provide guidance and suggestions as appropriate
PC14. complete own assigned tasks and activities to defined standards and timelines
PC15. correctly follow and apply the policies and standards relating to information security identity and access management activities

Organizational
Context (Knowledge of the company/ organization and its processes)
You need to know and understand:
KA1. relevant legislation, standards, policies, and procedures followed in the company
KA2. organization’s knowledge base and how to access and update this
KA3. limits of your role and responsibilities and who to seek guidance from
KA4. the organizational systems, procedures and tasks/checklists within the domain and how to use these

KA5. Organizational hierarchy and management structure
KA6. HR systems
KA7. how to engage with both internal and external specialists for support in order to resolve incidents and service requests
KA8. service request procedures, tools, and techniques
KA9. the operating procedures that are applicable to the system(s) being used
KA10. typical response times and service times related to own work area
KA11. computer network defense (CND) policies, procedures, and regulations
Technical
Knowledge

You need to know and understand:
KB1. Basic cyber security concepts e.g. the importance of confidentiality, integrity and availability for information systems; common types of malicious code; types of threats facing the information security of individuals and organizations; sources of threats to information security in terms of opportunity, ability and motive
KB2. how vulnerabilities can be identified and resolved
KB3. what is meant by identity and access management and how to implement it
KB4. the organizational structure and management processes for identities of employees, contractors, customers and other constituents
KB5. the organizational polices and standards that are used for identity and access management and how to apply them
KB6. the main features of an identity and access management system that facilitates the management of electronic identities and access privileges
KB7. range of supporting technologies and protocols relevant to identity and access management
KB8. the range of tools, software and techniques that are used for identity and access management and how to apply them
KB9. end-to-end identity lifecycle management
KB10. user account provisioning and workflow processes
KB11. processes for authentication and entitlement to access different systems and data across an organization
KB12. processes for database access to specific datasets and data security and privacy concerns
KB13. interpretation of IdAM policy with respect to management of electronic identities and access privileges
KB14. the underlying database structure that is used in information systems access privileges
KB15. what the organizational security architecture is and how to apply this
KB16. the need to ensure that identity and access management operations align to changing business needs
KB17. the need to modify access controls in line with employees changing responsibilities, including removal of access when no longer required
KB18. the importance of monitoring access controls in relation to regulatory compliance requirements
KB19. how to identify possible future requirements for the identity and access
KB20. the basic functionalities of the applications, hardware and/or access rights that are used by the customers
KB21. various aspects of Active Directory, Exchange, file share, SharePoint, custom applications, and remote access issues
KB22. federated solutions and privileged identity management
KB23. best practices for IAM implementation
KB24. Internet ports, protocols and services and their usefulness
KB25. Security solutions like Firewall, IDS/IPS, web security gateways, email security, content management, etc.

Writing Skills
The user/ individual on the job needs to know and understand how to:
SA1. document call logs, reports, task lists, and schedules with co-workers
SA2. prepare status and progress reports
SA3. write memos and e-mail to customers, co-workers, and vendors to provide them with work updates and to request appropriate information without English language errors regarding grammar or sentence construct and following professional etiquettes

Reading Skills
The user/individual on the job needs to know and understand how to:
SA4. read about new products and services with reference to the organization and also from external forums such as websites and blogs
SA5. keep abreast with the latest knowledge by reading brochures, pamphlets, and product information sheets
SA6. read comments, suggestions, and responses to Frequently Asked Questions (FAQs) posted on the helpdesk portal
SA7. read policy manual, standard operating procedures and service level agreements relevant to work area
SA8. read emails received from own team, across team and external vendors and clients

Oral Communication (Listening and Speaking skills)
The user/individual on the job needs to know and understand how to:SA9. discuss task lists, schedules, and work-loads with co-workers
SA10. give clear instructions to specialists/vendors/users/clients as required
SA11. keep stakeholders informed about progress
SA12. avoid using jargon, slang or acronyms when communicating with a customer, unless it is required
SA13. receive and make phone calls, including call forward, call hold, and call mute
B. Professional Skills
Decision Making
The user/individual on the job needs to know and understand how to:
SB1. follow rule-based decision-making processes
SB2. make decisions on suitable courses of action
Plan and Organize
The user/individual on the job needs to know and understand:
SB3. plan and organize your work to achieve targets and deadlines
Customer Centricity
The user/individual on the job needs to know and understand how to:
SB4. carry out rule-based transactions in line with customer-specific guidelines,
SB5. procedures, rules and service level agreements
SB6. check your own and/or your peers work meets customer requirements
Problem Solving
The user/individual on the job needs to know and understand how to:
SB7. apply problem-solving approaches in different situations
SB8. seek clarification on problems from others
Analytical Thinking
The user/individual on the job needs to know and understand how to:
SB9. analyze data and activities
SB10. configure data and disseminate relevant information to others
SB11. pass on relevant information to others
Critical Thinking
The user/individual on the job needs to know and understand how to:
SB12. provide opinions on work in a detailed and constructive way
SB13. apply balanced judgments to different situations
Attention to Detail
You need to know and understand how to:
SB14. apply good attention to details
SB15. check your work is complete and free from errors
Team Working
You need to know and understand how to:
SB16. work effectively in a team environment

SB17. contribute to the quality of team working
SB18. work independently and collaboratively
C. Technical Skills
You need to know and understand how to:
SC1. implement multiple authentication techniques
SC2. analyse and modify the underlying database structure that is used in information systems access privileges
SC3. work on various operating systems
SC4. work with word processors, spreadsheets and presentations
SC5. stay abreast of the latest developments in terms of industry standards and information security tools and techniques

Workshop on Management of Occupational Safety and Health in International  Organizations | ITCILO

Conduct assessment and reconciliation of access rights at the computing systems for users and resources:

Performance Criteria

PC1. obtain information or raw data from existing repositories
PC2. mine or discover roles based on existing access rights and entitlements data for applications, email, system assets, file repositories and devices used by the organization’s employees and other stakeholders
PC3. compare the as-is situation for access with defined access for roles as per policy
PC4. validate against master data from ERP/SAP
PC5. eliminate conflicts and complete missing information
PC6. indicate requirement of roles access rights and entitlements adjustment where there are discrepancies between as-is situation for access and defined access as per policy
PC7. obtain a validation for the adjustments done by the role custodian from the business unit
PC8. consult with human resource management function, information security function or business stakeholders and ratify data
PC9. cleanup and streamline privileges and group definitions in consultation with human resource management function, information security function or business stakeholders
PC10. produce report of the assessment and reconciliation activities undertaken and the outcome of exercise for internal audit and business / application owners
PC11. ensure communication is sent to all users whose role access rights and entitlements have been changed either through the tool or other means
PC12. conduct regular assessments of access rights, application entitlements,

service accounts, special-access and administrative accounts
PC13. ensure adherence to laid out procedures to add, transfer, or delete an employee’s accessibility to information resources
PC14. assign appropriate user permissions as per specifications and in line with identity and access control policies
PC15. administer user directories, distribution lists, mailboxes, folders, and files
PC16. manage directory structures to ensure proper permissions are enforced
PC17. complete own assigned tasks and activities to defined standards and timelines
PC18. correctly follow and apply the policies and standards relating to information security identity and access management activities

Organizational
Context (Knowledge of the company/ organization and its processes)
You need to know and understand:
KA1. relevant legislation, standards, policies, and procedures followed in the company
KA2. organization’s knowledge base and how to access and update this
KA3. limits of your role and responsibilities and who to seek guidance from
KA4. the organizational systems, procedures and tasks/checklists within the domain and how to use these
KA5. Organizational hierarchy and management structure
KA6. HR systems
KA7. how to engage with both internal and external specialists for support in order to resolve incidents and service requests
KA8. service request procedures, tools, and techniques
KA9. the operating procedures that are applicable to the system(s) being used
KA10. computer network defense (CND) policies, procedures, and regulations

Technical
Knowledge
You need to know and understand:
KB1. the organizational structure and management processes for identities of employees, contractors, customers and other constituents
KB2. the organizational polices and standards that are used for identity and access management and how to apply them
KB3. the main features of an identity and access management system that facilitates the management of electronic identities and access privileges
KB4. range of supporting technologies and protocols relevant to identity and access management including
KB5. the range of tools, software and techniques that are used for identity and access management and how to apply them
KB6. End-to-end user lifecycle managementKB7. user account provisioning and workflow processes
KB8. processes for authentication and entitlement to access different systems and data across an organization
KB9. processes for database access to specific datasets and data security and privacy concerns
KB10. interpretation of IdAM policy with respect to management of electronic identities and access privileges
KB11. the underlying database structure that is used in information systems access privileges
KB12. what the organizational security architecture is and how to apply this
KB13. the need to ensure that identity and access management operations align to changing business needs
KB14. the need to modify access controls in line with employees changing responsibilities, including removal of access when no longer required
KB15. the importance of monitoring access controls in relation to regulatory compliance for sensitive data
KB16. how to identify possible future requirements for the identity and access
KB17. the basic functionalities of the applications, hardware and/or access rights that are used by the customers
KB18. various aspects of Active Directory, Exchange, file share, SharePoint, custom applications, and remote access issues
KB19. federated solutions and privileged identity management
KB20. best practices for IAM implementation
KB21. Information Security concepts, policies, and procedures including the importance of confidentiality, integrity and availability
KB22. information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption), Information Systems/Network Security

Writing Skills

The user/ individual on the job needs to know and understand how to:
SA1. document call logs, reports, task lists, and schedules with co-workers
SA2. prepare status and progress reports
SA3. write memos and e-mail to customers, co-workers, and vendors to provide them with work updates and to request appropriate information without English language errors regarding grammar or sentence construct and following professional etiquettes

Reading Skills
The user/individual on the job needs to know and understand how to:

SA4. read about new products and services with reference to the organization and also from external forums such as websites and blogs
SA5. keep abreast with the latest knowledge by reading brochures, pamphlets, and product information sheets
SA6. read comments, suggestions, and responses to Frequently Asked Questions (FAQs) posted on the helpdesk portal
SA7. read policy manual, standard operating procedures and service level agreements relevant to work area
SA8. read emails received from own team, across team and external vendors and clients

Oral Communication (Listening and Speaking skills)
The user/individual on the job needs to know and understand how to:
SA9. discuss task lists, schedules, and work-loads with co-workers
SA10. give clear instructions to specialists/vendors/users/clients as required
SA11. keep stakeholders informed about progress
SA12. avoid using jargon, slang or acronyms when communicating with a customer, unless it is required
SA13. receive and make phone calls, including call forward, call hold, and call mute

.

Human Resource Training In Dubai

Professional Skills

Decision Making
The user/individual on the job needs to know and understand how to:
SB1. follow rule-based decision-making processes
SB2. make decisions on suitable courses of action

Plan and Organize
The user/individual on the job needs to know and understand:
SB3. plan and organize your work to achieve targets and deadlines

Customer Centricity
The user/individual on the job needs to know and understand how to:
SB4. carry out rule-based transactions in line with customer-specific guidelines,
SB5. procedures, rules and service level agreements
SB6. check your own and/or your peers work meets customer requirements

Problem Solving
The user/individual on the job needs to know and understand how to:
SB7. apply problem-solving approaches in different situations
SB8. seek clarification on problems from others

Analytical Thinking
The user/individual on the job needs to know and understand how to:
SB9. analyze data and activities
SB10. configure data and disseminate relevant information to others

Critical Thinking
The user/individual on the job needs to know and understand how to:
SB12. provide opinions on work in a detailed and constructive way
SB13. apply balanced judgments to different situations

Attention to Detail
You need to know and understand how to:
SB14. apply good attention to details
SB15. check your work is complete and free from errors

Team Working
You need to know and understand how to:
SB16. work effectively in a team environment
SB17. contribute to the quality of team working
SB18. work independently and collaboratively

Technical Skills
You need to know and understand how to:
SC1. work on various operating systems
SC2. work with word processors, spreadsheets and presentations
SC3. stay abreast of the latest developments in terms of industry standards and information security tools and techniques

Guidelines for Assessment:

  1. Criteria for assessment for each Qualification Pack (QP) will be created by the Sector Skill Council (SSC). Each performance criteria (PC) will be assigned Theory and Skill/Practical marks proportional to its importance in NOS.
  2. The assessment will be conducted online through assessment providers authorised by SSC.
  3. Format of questions will include a variety of styles suitable to the PC being tested such as multiple choice questions, fill in the blanks, situational judgment test, simulation and programming test.
  4. To pass a QP, a trainee should pass each individual NOS. Standard passing criteria for each NOS is 70%.