Business Case Subgroup

This is a collaboration space for the Business Case Subgroup of the MFA Cohortium. Unless otherwise designated, everything contained here should be viewed as a work in progress, subject to change without notice.

The Business Case Subgroup explores reasons and use cases for the deployment of multi-factor authentication.  Issues include:

• Risks addressed by multi-factor authentication
• Assurance requirements for high-risk applications and services
• Use cases, such as VPN, ERPs, shell access, confidential/sensitive data access (HIPAA, PCI, financial, FERPA, ePHI, PII), password resets, first-use devices/BYOD, etc.

Meetings

The Business Case Subgroup meets every other week via conference call on alternate Wednesdays, 3:00p-4:00p ET, starting July 31, 2013.

The business@lists.cohortium.internet2.edu list is used for communication between meetings.

• Business Case Subgroup Meetings
• Agendas and Notes
  • 1/15/2014, 3:00-4:00 ET [Agenda] - canceled due to lack of attendance
  • 12/18/2013, 3:00-4:00 ET [Agenda, Notes]
  • 12/4/2013, 3:00-4:00 ET [Agenda, Notes]
  • 11/6/2013, 3:00-4:00 ET [Agenda, Notes]
  • 10/23/2013, 3:00-4:00 ET [Agenda, Notes]
  • 9/25/2013, 3:00-4:00 ET [Agenda, Notes]
  • 8/28/2013, 3:00-4:00 ET [Agenda, Notes]
  • 8/14/2013, 3:00-4:00 ET [Agenda, Notes]
  • 7/31/2013, 3:00-4:00 ET [Agenda, Notes]

Business Justifications for Multi-Factor Authentication

• Business Case template
• University of Washington - Elements of Justification

White Papers

•  How Much Security Is Enough? - DRAFT