The Certified Identity Management Professional certification is designed and administered by Identity Management Institute for technical information technology, cybersecurity, and identity management professionals who design, develop, implement, and manage identity and access management systems and technical solutions. As the number of users, systems, and product solutions grows, demand for CIMP technical experts also grows to help meet business requirements and user needs for improved identity and access management, reduced access risks, tracking user activities, and complying with regulations.
Some of the key factors that contribute to the increasing demand for Certified Identity Management Professional certification are as follows:
- First, security threats require an understanding of threat modeling techniques and analysis skills to mitigate evolving risks with technical solutions. Becoming a Certified Identity Management Professional requires knowledge of common identity and access management risks and the ability to propose technical solutions to control access, prevent attacks, detect anomalies, and respond to incidents.
- Second, as CIMP experts deploy systems and solutions to counter identity and access threats, they must be aware of various international standards for ensuring optimum identity and access management architecture and cloud security by utilizing Secure Software Development Framework and best practices in SDLC, product implementation, and project management.
- Third, as the number of IoT devices grows and businesses embrace cloud computing, SaaS applications, remote workforce, BYOD, and blockchain technology, CIMP experts must ensure secure API and access controls exist by deploying advanced systems such as multi-factor and biometric authentication, machine learning, and artificial intelligence.
- Lastly, managing access for dispersed and diverse users such as employees, customers, and business partners to systems whether hosted internally or externally is another challenge as users require quick access while businesses and regulators need assurances that users are properly identified and authorized. Meeting the needs of users for speedy and seamless access, secure onboarding and KYC, system security, and regulatory compliance introduces technical challenges that CIMP experts must address.
Why Pursue a CIMP Certification?
Identity management is a collection of technology, processes and people. In order to address various identity management risks and challenges, organizations are increasingly considering technology solutions to improve security and automate identity and access management as much as possible.
Although the rewards of implementing an identity management solution are immense, such initiatives are often very challenging and require the expertise of technical identity management experts to create and manage project teams, gather the requirements to design and develop systems, help select an external product solution, develop project plans, and oversee the successful implementation and deployment of IAM systems.
In summary, identity management is a growing career field which helps businesses streamline, automate, and manage system access. By earning the Certified Identity Management Professional certification, IMI members demonstrate their expertise in gathering system requirements, proposing product solutions, and managing IAM projects.
Who Should Pursue The CIMP Certification?
Certified Identity Management Professionals are technical experts who typically work as System Architect, System Engineer, System Programmer, Technical Consultant, and Project Manager.
CIMP Critical Risk Domains
The CIMP study guide chapters and examination are organized in the following Critical Risk Domains:
- Threat Management
- Project Management
- Product Selection and Implementation
- Software Security
- Cloud Security
- IAM, Architecture, Protocols, and Standards
- IoT and API Security
- Artificial Intelligence and Machine Learning
- Compliance Assurance
- Digital Identity Guidelines
Let’s now explore each domain for additional details:
A large part of a Certified Identity Management Professional job duties is to manage identity and access management risks which requires knowledge of threat modeling and analysis, gap identification, and IAM solutions. CIMP certification prepares IT professionals to become threat management experts in identity and access management.
CIMP candidates must be aware of project management best practices and be able to propose a project strategy and roadmap, define business requirements, and have technical writing, communication, and team management skills. They must be able to translate business requirements into technical requirements for the technical staff who are involved with coding, testing, and implementation to make sure the system operates in accordance with the requirements as they monitor the project plan.
Product Selection and Implementation
When third party IAM software products must be evaluated and selected for implementation, the criteria for how to select an IAM product must be established and used in alignment with business objectives and requirements. System integration and product features must be considered along with the vendor reputation, support, and sustainability as well as product certification, independent quality assessments, and consumer reviews. CIMP experts must be able to select and implement the right product to solve their unique IAM challenges.
When a new IAM product is developed, or features of an existing application are modified, or when an organization must develop an Application Programming Interface for a selected product, many critical areas must be considered such as business requirements and objectives, Software Development Kit, infrastructure, secure software coding practices including mobile apps, product development framework, web application security, DevOps segregation of duties, software design and architecture, Service-Oriented Architecture, system and user acceptance testing, change management, and post implementation tasks.
As organizations move their applications and data into global cloud computing environments, CIMPs must be aware of top cloud providers and their IAM capabilities and leverage Cloud Access Security Broker to interject and expand enterprise security policies in the cloud.
IAM Architecture, Protocols and Standards
CIMPs must be familiar with and apply international IAM protocols and standards in their jobs and projects. Formalized international IAM protocols exist to support strong IAM policies. Generally known as “Authentication, Authorization, and Accounting”, these identity management protocols provide standards for security to strengthen and simplify access management, aid in compliance, and create a uniform system for handling interactions between users and systems.
IoT and API Security
As Internet of Things devices continue to be deployed by businesses and households with advanced features and data retention capabilities, CIMPs must be aware of the access risks within IoT and their connectivity with other systems and devices to ensure proper identification, authentication, and data integrity.
Artificial Intelligence and Machine Learning
With knowledge of advances in artificial intelligence and machine learning, CIMPs can improve their products and processes through automated machine learning to achieve certain goals quickly and effectively such as when detecting threats and analyzing user behavior for context-based identity management. Automated monitoring is essential for detecting unauthorized access, violation of policies, and system malfunctions.
There are many regulatory requirements related to identity management which certain companies must comply with including in the area of user identification and activity tracking. CIMPs must establish continuous audit procedures to ensure than not only regulatory requirements are being complied with but also systems and processes are operating as designed and follow the established standards.
Digital Identity Guidelines
The digital identity guidelines provide technical requirements for government agencies and organizations implementing digital identity services. The guidelines define technical requirements in each of the areas of identity proofing, registration, management processes, authentication protocols, federation, and related assertions.
Certified Identity Management Professional Certification Process
To become a Certified Identity Management Professional, candidates must become members of Identity Management Institute, and pass an examination. For CIMP eligibility, application submission, cost, exam, and certification maintenance, please visit the CIMP page on the IMI website. Watch the CIMP overview video.