English   Deutsch   Русский   中文    
08.12. - 09.12.2009

Enterprise Access Governance – Controlling Access, Ensuring Information Security

Managing user access to information is key to your information security. Providing access to those who legitimately need it has never been an easy task. But with environments tending to evolve into the cloud, it seems to becoming impossible, at least with traditional processes and tools. With this Virtual Conference, we´ll offer you a deep dive into the future of information security.

Key Topics

  • How to efficiently mitigate you "access risks"
  • Full Access Governance- combining access certification, role management and provisioning
  • RBAC vs. ABAC: Comparing Role Based and Attribute based Access Control - and how to address the management and governance issues for ABAC and dynamic entitlement management
  • The business view - Enterprise GRC vs. IT-GRC and where they should be linked
  • Standardized and centralized entitlement management as the approach to mitigate application security risks and enhance IT Governance
  • GRC roadmap

Agenda

Tuesday, 12/08/2009
15:00 -16:00 CET, 9am Eastern Keynote
The Three Elements of Access Governance: Recertification/Attestation – Access Control – Privileged Access Management
Access Governance is commonly associated with “recertification” or “attestation” as approaches for a recurring review of existing access controls by the responsible managers in IT and business. But knowing the problems isn’t sufficient – enforcing changes and implementing continuous processes for access controls is a key element. And, beyond that, many approaches mainly focus on standard access and not on the security sensitive privileged accounts. This session explains the elements for a consistent approach – across all areas of access governance and all levels of controls, from system to business.

More information  Speakers  Watch now 

16:00 - 17:00 CET, 10am Eastern Presentation + Discussion
Getting the Big Picture: How Access Governance fits into IT Governance and Risk Management
Access Governance is a key element in every strategy for information and system security as well as IT Governance. However, there are many different approaches from system-level access control management tools for ERP systems with some SoD support up to “Enterprise GRC” solutions which focus on the risk management and governance approaches from a high-level business perspective, sometimes without the interface to IT systems. And access-related controls are only part of that – 4 of 210 controls within COBIT, for example. For sure they are highly relevant, but they are only part of a bigger story. The link from business controls to IT controls and the role and relevance of the access-related IT controls covered by access governance with respect to complete IT Governance frameworks like COBIT is explained in this session. The different elements and approaches to governance are put into context and associated with the GRC roadmap of Kuppinger Cole.

More information  Speakers  Watch now 

17:00-18:00 CET, 11am Eastern Presentation + Discussion
5 Golden Rules for Efficiently Implementing Access Governance
How to do Access Governance right? Which are the key success factors you have to focus on for as well quick-wins as long-term success? This session explains how to solve the access governance needs best.

More information  Speakers  Watch now 

Wednesday, 12/09/2009
16:00 - 17:00 CET, 10am Eastern Panel Discussion
XACML: The Holy Grail of Access Governance?
In this panel, the role XACML will and can play for access governance is discussed. Is XACML the solution? What is missing? How to manage policies and how to analyze these dynamic constructs? And how to avoid vendor lock-in? The strengths, shortcomings and needed improvements are discussed by different vendors and Kuppinger Cole analysts.

More information  Speakers  Watch now 


Partners:    Axiomatics AB ORACLE Deutschland
17:00-18:00 CET, 11am Eastern Panel Discussion
How to Efficiently Implement SoD Controls: Which Level Works?
SoD controls (Segregation of Duties) are a cornerstone of access governance. But how to efficiently implement them? Should they be based on roles, on activities, on granular entitlements? There are many different approaches to solve the problem. In this panel, different vendors and Kuppinger Cole analysts will discuss different approaches for SoD controls, with focus on their manageability and the required granularity.

More information  Speakers  Watch now 


Partners:    Axiomatics AB ORACLE Deutschland
18:00 - 19:00 CET, 12am Eastern Panel Discussion
How to Start: Recertification or Active Access Controls First?
What is the best approach to do access governance? Should you start with attestation to understand where the problems are? Or should you first have a management infrastructure in place which allows to control access across different systems and use access governance approaches then to improve the state of your information security? Or is recertification sufficient? Kuppinger Cole analysts and different vendors discuss the strengths and weaknesses of different approaches?

More information  Speakers  Watch now 

top
Table of contents
Partners
More events
So your business is moving to the Cloud – Will it be Azure or Naked Cloud?
Most companies do not plan their migration to the cloud. They suddenly find that there are multiple users of cloud services in their organisation,...
Intelligent Identity Management in the Cloud – a use case
Most organisations fail to plan identity management in the Cloud. They adopt a variety of software-as-a-service solutions each requiring its own...
Managing Risk and Reward from Cloud, and the Internet of Everything and Everyone
Delivering on the vision for an Internet of Everything and Everyone depends upon the ability to manage and process vast amounts of data; this means...
All current events
Imprint       General Terms and Conditions       Terms of Use       Privacy policy
© 2003-2014 KuppingerCole