Dominik Divák


Active directory tiering, ... how to set up a privileged access strategy to secure key assets

The goal of this presentation is to help attendees understand the importance of multi-level privileged access control models and how they can be used to enhance security, streamline access, and ensure compliance. 

Identity systems are a critical component of modern enterprise IT environments providing centralized management of identities and access to resources and information. However, as organizations grow and evolve, the traditional single-level access model is often no longer sufficient and can even pose a security risk.  

This presentation will provide an overview of the multi-level active directory model and explore the key features and benefits of this approach. We will explore the different tiers commonly used in Tiering models, including their security levels, and explain how they work together to provide a more secure and scalable solution. At the same time, the presentation will also explore the tradeoffs between the different tiers, including the tradeoff between security and accessibility. 

You will also learn how to prepare for the Tier model and the importance of proper and careful preparation, including the method and process of possible implementation. We will review the basic architecture of the solution, including a recommended list of included assets for the top layer of security. We will go through the recommended practices for properly setting up the structure of organizational units, groups and roles within the active directory and how to properly set up security policies. 

Finally, we will show you how and by what means it is appropriate to manage resources in each tier securely and what necessary security should be implemented on the management stations from which the higher tiers of the tier model are accessed. 

The presentation will conclude with a discussion of how to set up a multi-tier operational model and recommended practices for each management, monitoring and evaluation approach and the implications for existing company processes, including an example from a real-world implementation. 

Dominik Divák

Dominik is a consultant with more than 14 years of experience in information technology, especially in cyber security. For five years, he worked as a cybersecurity manager, according to Czech Cyber Law (ZoKB) and in senior positions in information security.  

Dominik has been involved in or managed major projects for both government and banking sector customers and now focuses primarily on information security from an organizational, methodological and technical perspective.  

At the same time, he also regularly lectures on cybercrime at the Faculty of Law Charles University