A federal government program has developed an online portal offering health professionals, researchers, and government analysts access to healthcare-related information, products, services, and applications. This service is enabled by an Identity Management (IDM) solution which provides profile-based access to restricted content. However, the program has experienced several incidents where users accessed content that they were not authorized to access. Ki Consulting was retained to conduct a maturity assessment of the IDM solution, offer recommendations for its future development, and create a roadmap for implementing changes.
Ki Consulting conducted a maturity assessment of the program’s policies and practices in the areas of governance, access management, monitoring, change management, incident response, and staff training. The assessment identified both the root causes of the security breaches and several areas of the program in need of further development to ensure future security and efficiency. Ki Consulting offered recommendations for improved security practices, focusing on better change management processes, streamlined and automated user registration and access controls, and a more systematic approach to risk management and review processes. The implementation of these changes was laid out in a roadmap outlining steps to be taken immediately and in the short, medium, and long term.
- Improved change management practices, including better testing protocols and increased communication between stakeholders
- Integration of risk management and information security best practices into the authentication process
- A more efficient, user-friendly, and secure registration process
- Enhanced monitoring, auditing, and review capabilities