Top 4 Books on Identity and Access Management

IAMIAMBOOKSBOOKSIdentity and access management (IAM) is a fundamental part of organizational information security, yet too many businesses still rely on the simplest, oldest form of authentication: username and password, to do the job.

Time and time again, that method proves dangerously unsecure and many times an organization’s failure to modernize IAM tech and practices results in a spectacular public failure, a crisis of confidence, and a class action lawsuit.

For those information security professionals trying to push their organization into the modern era of IAM, it can be difficult to know where to start. IT workers and CISO looking for a new IAM solutions need a comprehensive overview in order to correctly plan, assess and deploy the right IAM solutions for their organization.

There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old fashioned way… there are few resources that can match the in-depth, comprehensive detail of a good book.

With that in mind, I’ve compiled a list of the top four introductory IAM books available on Amazon today, listed in no particular order.

Please note that several of these books have been in print for years and will not be up-to-date on the current range of IAM solutions on the market. However, despite their age these books still function well as high-altitude introductions to concepts and ideas that professionals building IAM plans need to be familiar with.

An Executive Guide to Identity and Access Management by Alasdair Gilchrist
Published: 2015

At 24 pages, this is the shortest book on our list, and honestly, it’s more of an essay than a book. But at $5, this e-books brevity is an asset. Professionals looking for a quick, cheap, and vendor-neutral read needn’t look any further.

Author Alasdair Gilchrist discusses the good, the bad, and the ugly of IAM, best practices, and compliance auditing and even addresses the reasons for high failure rates in solution deployment.


Identity and Access Management: Business Performance Through Connected Intelligence by Ertem Osmanoglu 
Published: 2013

As Partner and Principle in the Information Technology Advisory Services practice at multinational professional services firm Ernst and Young, and the leader of  the IAM practice at E&Y, author Ertem Osmanoglu is well qualified to write a book on IAM. He’s put those qualifications, along with 18 years of experience in IT, to work in this textbook, which focuses on real-world implementations of IAM solutions, and provide’s a step-by-step method for deploying IAM. The book also includes a companion website with source-code examples in several languages.

Identity Management: A Primer by Gram Williamson, David Yip, Ilan Sharoni and Kent Spaulding
Published: 2009

This book may be six years old, but the team of authors (made up of IAM consultants and tech CEOs) writing on key issues of IAM and strategies and preventative measures still holds up today. This book provides strategies for implementing IAM best practices and solutions and breaks down different kinds of solutions (such as single sign-ons and role-based access controls) for the reader.

Mechanics of User Identification and Authentication: Fundamentals of Identity Management by Dobromir Todorov
Published: 2007

Another oldie but goodie. 2007 may seem prehistoric when it comes to computer-related content, but this book about the technical side of identity management and authentication has aged well. Author Dobromir Todorov focuses on the specifics of the user authentication process for UNIX and Windows, addresses advanced applications and services, and common security models.

Because this book is nearly a decade old, modern topics such as cloud computing and BYOD are not addressed. `

And watch this for the 10 Best Resources for Evaluating IAM solutions:

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

One thought on “Top 4 Books on Identity and Access Management”

  1. Fabio says:

    Ertem’s book is my favorite

Comments are closed.