Digital Identity Risk Management (DIRM) – Step 1: Define the Online Service

The first step in DIRM is about clarity and scope. Before risks can be assessed, organizations must fully understand the purpose, objectives, dependencies, and impact of the online service. This includes:
✔ Mission & objectives
✔ Legal, regulatory, and privacy requirements
✔ Service functionality & data scope
✔ User groups, transactions, and access privileges
✔ Impacted entities & processes
✔ Current identity technology state (proofing, authentication, federation)

Defining the online service creates a shared understanding of what’s at stake and forms the foundation for selecting the right assurance levels (IAL, AAL, FAL).


Check out this infographic for an overview of DIRM – Step 1: Define the Online Service.

Gabriel Magarino – Senior Security Manager | IAM Evangelist – Experienced leader with over 20 years in the IT and cybersecurity industry, specializing in Identity & Access Management. Expert in Okta, One Identity, SailPoint (IdentityIQ & IdentityNow), OneLogin, Delinea, and CyberArk. Passionate about exploring IAM and emerging technologies, coaching, and training IAM teams. Holds a Master’s in Computer Science and multiple certifications, including Okta Professional & Administration, One Identity Architect & Instructor, SailPoint Identity Now, ITIL, Scrum Master, among others. Currently pursuing a PhD with a focus on Computer Science and Artificial Intelligence.