![\"\"](\"http:\/\/blogs.sun.ac.za\/it\/files\/2014\/04\/fingerprint.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
A while back an internal audit focusing on IT administrative systems, in particular two areas, Human Resource Management and Student administration, was conducted. The audit tried to establish whether the university\u2019s policy with regard to administrative system users complied with prescribed best practices and whether adequate processes are in place to manage access rights.<\/p>\n
It was found that there was a need for a formal\u00a0I<\/b>dentity and\u00a0A<\/b>ccess\u00a0M<\/b>anagement (IAM) policy, more regulated processes and one central source from which identities (see definition below<\/i>) should be managed.<\/p>\n
The current practice of issuing multiple electronic identities per business application or per individual associated with the university for access to administrative systems, lends itself to the fraudulent use of both electronic identities and information \u2013 a high risk at an academic institution.<\/p>\n
The audit findings were considered and as a result\u00a0thereof\u00a0an all-encompassing\u00a0Identity and Access Management \u00a0Project (IAM Project) was initiated to mitigate both known and potential risk \u00a0around system and resource (i.e. Library ) access.<\/p>\n
In an effort for better control on creating identity the following three systems will be the only recognised systems from which\u00a0both identity and electronic identity can originate.<\/p>\n
IAM aims to addresses 95% of the audit findings by establishing a central system from which one electronic identity can be issued via an automated process with full audit on who has access to which system and who approved the request.\u00a0A future deliverable from this project would be a formal definition of roles (e.g. Payroll clerk) from system function (program) access patterns to facilitate role-based access request management.<\/p>\n
An Electronic Identity Validation Regulation has already been approved and can viewed\u00a0<\/span>here.<\/a><\/p>\n The IAM project is one of continuous improvement and development. It\u2019s more than just putting systems in place, but also about understanding the university\u2019s organisational behaviour and processes to ensure these systems will increase productivity and function optimally.<\/p>\n To keep you up to date on upcoming IAM projects, we will be running a series of articles from this week. In our next article we\u2019ll be looking at AIS.\u00a0<\/span><\/p>\n If you\u2019re still in the dark as to how SunID works, refer to your\u00a0wiki<\/a>\u00a0for detailed instructions or read our previous\u00a0blog<\/a>\u00a0articles.<\/p>\n If you prefer a more hands-on approach, we\u2019ll also be hosting a few informal sessions where you\u2019ll be guided through the process step-by-step and also have the opportunity to air all your complaints and questions.\u00a0If you\u2019re like to attend one of these sessions, please contact Petro Uys at\u00a0puys@sun.ac.za<\/a>.<\/p>\n Definitions<\/i><\/p>\n Identity \u2013 the capturing of all personal information and creating a unique 8 digit Stellenbosch university number also commonly referred to as student number, staff number, ut_number, su_number.<\/i> <\/p>\n Daar is bevind dat `n behoefte bestaan vir `n formele\u00a0\u00a0<\/em>Identiteit- en toegangsbestuurbeleid (IAM), beter gereguleerde prosesse en een sentrale bron waaruit identiteite (sien definisies onder) bestuur moet word.\u00a0<\/p>\n Die huidige praktyk reik veelvuldige eletroniese identiteite uit\u00a0vir toegang tot administratiewe stelsels\u00a0en doen dit per besigheidstoepassing of per individu geassosieer met die universiteit. Hierdie proses kan maklik blootgestel word aan die misbruik van elektroniese identiteite en informasie – `n ho\u00eb risiko vir `n akademiese instansie.<\/p>\n Die ouditbevindinge is in ag geneem en op grond daarvan is `n oorkoepelende Identiteit- en toegangsbestuurprojek\u00a0(IAM Projek) geloods om bestaande en potensi\u00eble risikos rondom stelsel- en brontoegang (byvoorbeeld die Biblioteek) aan te spreek.\u00a0<\/p>\n In `n poging om beter kontrole te handhaaf wanneer identiteite geskep word, sal die volgende drie stelsels die enigste erkende stelsels wees waarop identiteit en elektroniese identiteit geskep kan word.<\/p>\n IAM poog om 95% van die ouditbevindinge aan te spreek deur `n sentrale stelsel te vestig waarvandaan een elektroniese identiteit uitgereik kan. Dit sal uitgereik word deur middel van `n outomatiese proses met `n volledige oudit van wie toegang to watter stelsel het en die aansoek goedgekeur het.<\/p>\n \u00a0Een van die doelwitte van hierdie projek sal `n formele definisie wees van rolle (byvoorbeeld Salarisrolklerk), onttrek uit stelselfunksie bestuurspatrone om rolgebaseerde toegangsversoekbestuur toe te pas.<\/p>\n `n Elektroniese Validasie Reglement is reeds goedgekeur en kan\u00a0hier<\/a>\u00a0besigtig word.<\/p>\n Die IAM-projek word deurlopend ontwikkel en verbeter. Dis meer as net ‘n proses om stelsels in plek te sit, maar vereis ook begrip vir die Universiteit se organisatoriese werkverrigting en prosesse om te verseker dat stelsels produktiwiteit sal verhoog en optimaal kan funksioneer.<\/span><\/p>\n Om jou op hoogte te hou van toekomstige IAM-projekte sal ons ook voortaan `n reeks artikels bied. Ons volgende een fokus op AIS.<\/p>\n \u00a0* Indien SUNid steeds vir jou Grieks is, kyk gerus op ons\u00a0wiki<\/a>\u00a0vir `n uiteensetting of lees ons vorige\u00a0<\/span>blog<\/a>-artikel.\u00a0<\/span>Indien jy `n meer praktiese aanslag verkies, sal ons binnekort `n paar informele sessies aanbied waar jy stap-vir-stap daardeur geneem sal word en ook die geleentheid sal kry om al jou vrae te vra. Stuur asseblief e-pos aan Petro Uys by puys@sun.ac.za indien jy belangstel om `n sessie by te woon.\u00a0<\/p>\n \u00a0<\/p>\n Definitions<\/i><\/p>\n \u00a0\u00a0\u00a0\u00a0Identity \u2013 the capturing of all personal information and creating a unique 8 digit Stellenbosch university number also commonly referred to as student number, staff number, ut_number, su_number.<\/i> \u00a0<\/p>\n<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" A while back an internal audit focusing on IT administrative systems, in particular two areas, Human Resource Management and Student administration, was conducted. The audit tried to establish whether the university\u2019s policy with regard to administrative system users complied with prescribed best practices and whether adequate processes are in place to manage access rights. It […]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29187],"tags":[],"class_list":["post-5701","post","type-post","status-publish","format-standard","hentry","category-security-2"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 04:01:12","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/5701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=5701"}],"version-history":[{"count":26,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/5701\/revisions"}],"predecessor-version":[{"id":9249,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/5701\/revisions\/9249"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=5701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=5701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=5701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
<\/div>\n
\u00a0 \u00a0 Electronic Identity \u2013 refers to username and password associated to an identity record\u00a0<\/i><\/p>\n`n Tydjie gelede is `n interne oudit met die fokus op IT administratiewe stelsels, spesifiek Menslike Hulpbronnebestuur en Studente-administrasie, uitgevoer. Die doel van die oudit was om vas te stel of die universiteit se beleid oor administratiewe stelselgebruikers voldoen aan voorgeskrewe beste praktyke en of voldoende prosesse in plek is om regte te bestuur.\u00a0<\/p>\n\n
\n
<\/div>\n
\u00a0 \u00a0 Electronic Identity \u2013 refers to username and password associated to an identity record\u00a0<\/i><\/p>\n