Getting the Big Picture: How Access Governance fits into IT Governance and Risk Management
- LANGUAGE: English; DATE: Tuesday, December 08, 2009; TIME: 16:00 - 17:00 CET, 10am Eastern
Access Governance is a key element in every strategy for information and system security as well as IT Governance. However, there are many different approaches, ranging from system-level access control management tools for ERP systems with some SoD support to “Enterprise GRC” solutions that approach risk management and governance from a high-level business perspective, sometimes without any interface to IT systems. Access-related controls are only part of that: 4 of 210 controls within COBIT, for example. They are certainly highly relevant, but they are only part of a bigger story. This session explains the link from business controls to IT controls, and the role and relevance of the access-related IT controls covered by access governance within complete IT Governance frameworks like COBIT. The different elements and approaches to governance are put into context and associated with the GRC roadmap of Kuppinger Cole.
For traditional or Business-to-Employee (B2E) IAM, HR departments are responsible for gathering documentation from employees to determine their suitability for employment. For Business-to-Consumer (B2C) or CIAM, identity proofing can be more difficult. Depending on the nature of the business, the attributes that need to be collected and verified can differ widely. For example, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations govern the kinds of attributes and authoritative attributes that must be collected in the finance industry.