The Top Identity & Access Management (IAM) Books You Should Be Reading
Sometimes, the key to technological advancement is decidedly old-school.
Identity and access management (IAM) is an essential component of any enterprise’s security kit—according to some experts, perhaps the most essential component. Making sure your team understands your IAM solution is another conversation. Your IT security team needs to understand how to manage new capabilities and priorities in your IAM solution in order to best understand how to protect your enterprise.
There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old-fashioned way… and there are few resources that can match the in-depth, comprehensive detail of good IAM books.
We compiled a short list of the top introductory IAM books. We tried to keep our selection to IAM books from within the past 5 years, and each is its own kind of rewarding reading experience.
Identity and Access Management: Business Performance Through Connected Intelligence
By Ertem Osmanoglu
One of the classic IAM books, frequently cited on our other book lists.
This book breaks down IAM into manageable components to ease systemwide implementation. The hands-on, end-to-end approach includes a proven step-by-step method for deploying IAM that has been used successfully in over 200 deployments. The book also provides reusable templates and source code examples in Java, XML, and SPML.
You can purchase Ertem Osmanoglu’s Identity and Access Management: Business Performance Through Connected Intelligence here.
Identity & Access Management: A Systems Engineering Approach
By Omondi Orondo, Ph.D.
Another classic, remaining one of the most cited IAM books.
The book is a powerful, novel approach to the analysis and synthesis of IAM systems.
It is motivated by the realization that the current practice of Information Systems in general, and Identity and Access Management in particular, is increasingly divorced from its Systems Engineering underpinnings. Even for the most innovative and resourceful practitioners, the architecture, design, implementation, and support of enterprise Information Technology systems has taken a complex inferential approach, driven by algorithmic and rule-based protocols and standards.
You can purchase Omondi Orondo’s Identity & Access Management: A Systems Engineering Approach here.
Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
By Don Murdoch GSE
This title is not one of the normal IAM books, but it is a vital read for security team members regardless of your enterprise’s size!
The BTHb includes essential information in a condensed handbook format. Main topics include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and numerous other quick reference topics.
You can purchase Don Murdoch’s Blue Team Handbook here.
Management of Information Security
By Michael E. Whitman and Herbert J. Mattord
The third edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO 27000 series. With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger on the pulse of industry changes and academic relevance.
You can purchase Michael E. Whitman’s and Herbert J. Mattord’s Management of Information Security here.
Identity Management: A Primer
By Graham Williamson, David Yip, and Ilan Sharoni
A solid training source, for either your team members or yourself!
Providing strategies for overcoming this task in real-world terms as well as questions that assist in focusing on the key issues in each chapter—ranging from role-based access control to single sign-ons and electronic identity smart cards—this text provides students and professionals alike with a valuable tool for understanding the complexity of identity in a virtual world.
You can purchase Graham Williamson’s, David Yip’s, and Ilan Sharoni’s Identity Management: A Primer here.
Identity Management: Concepts, Technologies, and Systems
By Elisa Bertino and Kenji Takahashi
Digital identity can be defined as the digital representation of the information known about a specific individual or organization. Digital identity management technology is an essential function in customizing and enhancing the network user experience, protecting privacy, underpinning accountability in transactions and interactions, and complying with regulatory controls.
You can purchase Elisa Bertino’s and Kenji Takahashi’s Identity Management: Concepts, Technologies, and Systems here.
Focus on IAM (Identity and Access Management)
By Kiran Kumar Pabbathi
This is the 2016 Edition of Focus on IAM (Identity and Access Management), a unique book addressing all the facets of IAM. It is written for all IAM and information security professionals in IT. This book is not focused on any specific IAM tool or product; it provides in-depth information on Identity and Access Management with respect to process, technology, best practices, checklists, etc.
You can purchase Kiran Kumar Pabbathi’s Focus on IAM (Identity and Access Management) here.
Digital Identity: Unmasking Identity Management Architecture (IMA)
By Phillip J. Windley
Another continual classic in Solutions Review’s picks for IAM books.
Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings–or system architectures–function as part of the overall plan.
You can purchase Phillip J. Windley’s Digital Identity: Unmasking Identity Management Architecture (IMA) here.
Digital Identity Management
By Maryline Laurent and Samia Bouzefrane
Within this multidisciplinary and scientific context, with cross-analysis of the digital ID issue, this book describes the different technical and legal approaches to protect digital identities, with a focus on authentication systems, identity federation techniques, and privacy preservation solutions. The limitations of these solutions and research issues in this field are also discussed to further understand the changes that are taking place.
You can purchase Maryline Laurent’s and Samia Bouzefrane’s Digital Identity Management here.
Identity Management: A Business Perspective
By Graham Williamson
For business managers and CIOs, managing identity data of employees, contractors, business partners, and customers has become an important core capability. This practical guide discusses the impacts of identity management on organizations from a businessperson’s perspective. This book will help managers and CIOs understand:
• Automating identity provisioning into your access control systems
• How to evaluate the maturity of your identity management environment
• The difference between authentication and authorization
You can purchase Graham Williamson’s Identity Management: A Business Perspective here.
Identity and Data Security for Web Development: Best Practices
By Jonathan LeBlanc and Tim Messerschmidt
Authors Jonathan LeBlanc and Tim Messerschmidt provide a deep dive into the concepts, technology, and programming methodologies necessary to build a secure interface for data and identity—without compromising usability. You’ll learn how to plug holes in existing systems, protect against viable attack vectors, and work in environments that sometimes are naturally insecure.
You can purchase Jonathan LeBlanc’s and Tim Messerschmidt’s Identity and Data Security for Web Development: Best Practices here.
Digital Identities: Creating and Communicating the Online Self
By Rob Cover
What is identity? Plenty of IAM books exist on how to protect identity, but not as many exist on what it truly means in the digital realm.
In the era of interactive, digital, and networked media and communication, identity can be understood as even more complex, with digital users arguably playing a more extensive role in fashioning their own self-representations online, as well as making use of the capacity to co-create common and group narratives of identity through interactivity and the proliferation of audio-visual user-generated content online.
You can purchase Rob Cover’s Digital Identities: Creating and Communicating the Online Self here.
Digital Identity Management: Technological, Business and Social Implications
By David Birch
Enterprises need to see identity as a part of their business processes. This book is a good reminder of that.
Digital Identity Management, based on the work of the annual Digital Identity Forum in London, provides a wide perspective on the subject and explores the current technology available for identity management, its applications within business, and its significance in wider debates about identity, society and the law. This is an essential introduction for organizations seeking to use identity to get closer to customers; for those in government at all levels wrestling with online delivery of targeted services; as well as those concerned with the wider issues of identity, rights, the law, and the potential risks.
You can purchase David Birch’s Digital Identity Management: Technological, Business and Social Implications here.
Digital Literacy: A Primer on Media, Identity, and the Evolution of Technology
By Susan Wiesinger and Ralph Beliveau
This book is included to show that IAM books do not necessarily need to be about security to be valuable.
The Internet, World Wide Web, and digital devices have fundamentally changed the way people communicate, affecting everything from business, to school, to family, to religion, to democracy. This textbook takes a well-rounded view of the evolution from media literacy to digital literacy to help students better understand the digitally filtered world in which they live.
You can purchase Susan Wiesinger’s and Ralph Beliveau’s Digital Literacy: A Primer on Media, Identity, and the Evolution of Technology here.