12 Identity Management Books Every IAM Pro Should Read
Identity management is a fundamental part of organizational information security, yet too many businesses still rely on username and password combinations, the simplest, oldest form of authentication, to do the job.
Time and time again, that method has been proven dangerously insecure and many times an organization’s failure to modernize Identity and access management (IAM) tech and practices results in a spectacular public failure, a crisis of confidence, and a class action lawsuit.
For those information security professionals trying to push their organization into the modern era of IAM, it can be difficult to know where to start. IT workers, CIOs, and CISOs looking for new IAM, Identity Governance Administration (IGA) or Identity Management as a service (IDaaS) solutions need a comprehensive overview in order to correctly plan, assess and deploy the right solutions for their organization.
Widget not in any sidebars
There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are often high quality, but sometimes it’s best to do things the old fashioned way—there are few resources that can match the in-depth, comprehensive detail of a good book. And as an added bonus, on paper there are no pop-up notifications to distract you.
With that in mind, we’ve compiled a list of the twelve best identity management books available on Amazon today, listed in no particular order.
Please note that several of these books have been in print for years and may not be up-to-date on the current range of solutions on the market. However, despite their age these books still function well as high-altitude introductions to concepts and ideas that professionals building IAM plans need to be familiar with.
Author(s): Ertem Osmanoglu
As Partner and Principle in the Information Technology Advisory Services practice at multinational professional services firm Ernst and Young, and the leader of the IAM practice at E&Y, author Ertem Osmanoglu is well qualified to write a book on IAM. He’s put those qualifications, along with 18 years of experience in IT, to work in this textbook, which focuses on real-world implementations of IAM solutions, and provide’s a step-by-step method for deploying IAM. The book also includes a companion website with source code examples in several languages.
Author(s): Gram Williamson, David Yip, Ilan Sharoni, and Kent Spaulding
This book may be six years old, but the team of authors (made up of IAM consultants and tech CEOs) writing on key issues of IAM and strategies and preventative measures still holds up today. This book provides strategies for implementing IAM best practices and solutions and breaks down different kinds of solutions (such as single sign-ons and role-based access controls) for the reader.
Author(s): Gerard Blokdijk
This book by Gerard Blokdijk, author of 300 service, management, and IT bestsellers around the world, is packed with ready to use insights for identity management success. Based on Blokdijk’s extensive research, this book reveals the best practices of the most successful Identity and Access Management initiatives.
The seventh edition of the Official Certified Information Systems Securty Professional (CISSP) Study Guide covers 100% of exam 2015 CISSP (ISC)2 candidate information bulletin objectives including, Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography and much more.
Author(s): Kiran Kumar Pabbath
This book is a good resource for building a general knowledge of IAM technology and terminology and is not focused on any specific IAM tool or product. Pabbath provides deep-delving information on Identity Management with respect to process, technology, best practices, checklists, and general methodology.
This book is specifically designed to be accessible to the general IT practitioner, perfect for those of your just getting involved in information security. With this goal in mind, author Peter Omondi Orondo teases out the basic concepts of IAM in a way that anyone with some college education will be able to understand.
A practical resource offering an in-depth understanding of how IAM solutions are designed, deployed and assessed. Bertino and Takahashi provide a comprehensive overview of current trends and future directions in identity management in this well-organized guide to IAM.
This book is focused on the managerial aspects of information security— the access control models, information security governance, and information security program assessment and metrics that make up the macro-view of Identity Management. With coverage on the foundational and technical components of information security, authors Michael Whitman and Herbert Mattord provided a strong basis for building an understanding of IAM best practices.
This book helps researchers and practitioners in digital identity management generate innovative answers to an assortment of problems, as system managers are faced with major organizational, economic and market changes.
Author(s): Phillip J. Windley
One of the oldest identity management books, Digital Identity was written nearly ten years ago by Phil Windley is the Founder and Chief Technology Officer of Kynetx, details what is commonly known as “identity management architecture” (IMA): a method to provide ample protection while giving good guys access to vital information and systems. While the acronym IMA may have fallen out of favor, many of the main ideas presented in this book are as strong and viable today as they were in 2008.
This book describes the different technical and legal approaches to protect digital identities with a focus on authentication systems, identity federation techniques, and privacy preservation solutions.
Author(s): Don Murdoch
The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders and InfoSec pros alike. The book is peppered with practical real life techniques from the authors extensive career working in academia and a corporate setting.
Widget not in any sidebars
And watch this for the 10 Best Resources for Evaluating IAM solutions: