By Gil Vidals, , HIPAA Blog, Resources

Many organizations have mission-critical systems that contain sensitive information, such as protected health information (PHI) or personally identifiable information (PII). If those mission-critical systems are breached by hackers, confidential PHI or PII may be extracted, negatively impacting the company’s welfare, operations, and customers they serve.

The enforcement of strong identity (ID) management on a system-wide basis is therefore necessary for these organizations to ensure the protection of these mission-critical systems.

ID management essentially consists of managing the identification, authorization, and authentication of users within an organization’s system. Identification simply refers to verifying the identity of a particular user, including the unique quality that distinguishes that person or thing.

Authorization refers to the permissions given to set identities that allowed users to access certain system resources, software, or data, and not others.

A key characteristic of ID management is to limit user access privileges to only those necessary for employees to perform their daily functions. Authentication refers to the verification or confirmation of a user and matching the user’s credentials with credentials stored in a database.

For ID management to be successful, all departments of a company – from the top down – should be aware of and trained on clearly defined policies.

Compliance, IT, human resources, and security personnel, must all work together if ID management is to be successful. Additionally, training on social engineering techniques and cyber-attack methods may also be helpful for understanding how system resources and integrity may be compromised.

When ID management policies are clearly documented, presented, and enforced, the chance for all unauthorized access to the system is greatly decreased, and mission-critical systems and business processes have a much better chance of remaining operable and secure.