Getting the Big Picture: How Access Governance fits into IT Governance and Risk Management
- LANGUAGE: English DATE: Tuesday, December 08, 2009 TIME: 16:00 - 17:00 CET, 10am Eastern
Access Governance is a key element in every strategy for information and system security as well as IT Governance. However, there are many different approaches from system-level access control management tools for ERP systems with some SoD support up to “Enterprise GRC” solutions which focus on the risk management and governance approaches from a high-level business perspective, sometimes without the interface to IT systems. And access-related controls are only part of that – 4 of 210 controls within COBIT, for example. For sure they are highly relevant, but they are only part of a bigger story. The link from business controls to IT controls and the role and relevance of the access-related IT controls covered by access governance with respect to complete IT Governance frameworks like COBIT is explained in this session. The different elements and approaches to governance are put into context and associated with the GRC roadmap of Kuppinger Cole.
As users, devices and application workloads move outside the corporate network, the traditional model of enforcing security at the network perimeter is no longer effective. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of where they are working. But the path to achieving Zero Trust is unclear for many organizations.