Financials
- TYPE: Track DATES: May 15 - May 16, 2013
The first wave of massive regulatory pressure after the Financial Crisis now has passed the Finance Industry. Many organizations have achieved significant improvements in their Access Governance deployments or are on the way. However, it is not about taking a rest now for the next years. The pressure on IAM and IAG, as well as on GRC in general, remains high. And beyond tackling the initial findings, organizations need to extend their deployments so that they are audit-proof for the future. Working to the business instead of working to the audit: That is today’s challenge. Beyond that, the Extended Enterprise increasingly becomes a challenge for the Finance Industry as well. New sales models and external sales organizations in the insurance industry and closer collaboration with the customer stand for this. IAM and IAG are the foundation for enabling that change. IAM/IAG long has moved from being an administration-only technology towards becoming a business enabling technology.
The Finance Virtual Track is a guideline through the high priority topics for the Finance Industry. GRC and Access Governance, Identity Federation and the Extended Enterprise, Life Management Platforms and the API Economy as enabler for new forms of collaboration – and the Finance Industry Roundtable itself: All these sessions deliver what you need for future-proof IAM, IAG, and GRC in the Finance Industry.
Moderators:
Tracks:
Access Governance
Sessions:
Access Governance as a Multiyear and Multidimensional Program
Date: Wednesday, May 15, 2013 Time: 10:30-11:30
Location: AUDITORIUM
Access Governance as a Multiyear and Multidimensional Program
Access Governance: Why is it so difficult?
There is no easy way out!
Does Access Govenance have a business case?
It´s a multi-dimensional challenge therefore many stakeholders need to contribute (e.g. HR, IT, Business, Legal, Data protection)
How to define priorities?
Strong program governance is key
Access Governance & Intelligence at Deutsche Bank AG
Following the worldwide financial crisis all Financial Institutions are facing increasing regulatory requirements globally. A major focus is put on the evidence for having implemented a consistent approach to the “Segregation of Duties” (SoD) principle.
A key challenge is to not only achieve this within a specific application or organizational unit, but to continuously check and monitor the implementation across applications, business processes or entire departments in a...
Redefining Access Governance: Going well beyond Recertification
Date: Wednesday, May 15, 2013 Time: 11:30-12:30
Location: AUDITORIUM
Redefining Access Governance: Going well beyond Recertification
When looking back at the evolution of Access Governance, this is a history of change and rapid innovation. From the days of “Enterprise Role Management”, before the term Access Governance even was known, to common marketing terms like IAG (Identity and Access Governance) or Access Intelligence, a lot has happened. Virtually all major players have entered this market. Products became more mature. Access Governance has replaced Identity Provisioning as the typical starting point...
Access Governance: How to Govern all Access
Access Governance is a key building block in IAM (Identity and Access Management) deployments and as part of IT GRC. However, traditionally Access Governance focuses on managing access based on roles and thus on static assignments. It frequently lacks tight integration with Privilege Management for highly critical IT users like root, system accounts, or shared accounts. It also typically lacks support for managing business and security rules within Dynamic Authorization Management, for...
Access Governance
Sessions:
A Success Story Introducing User Access Management for an Energy Trading Company
Date: Wednesday, May 15, 2013 Time: 14:00-15:00
Location: AUDITORIUM
A Success Story Introducing User Access Management for an Energy Trading Company
Background and Motivation for introducing User Access Management
Project challenges
Critical success factors
Obstacles and how to overcome them
Recommendations and Lessons learned
IAM Governance Outside IT
For organizations that are under strong governance control and dealing with sensitive information on a daily basis, it is essential to know who has access to which data. One of the most important topics is to know this along the business process. Before granting access to data or applications there must be done several reviews to assure compliance. In the classical approach this is done in the organization manly with paperwork and organizational processes and ends then in the IT...
Access Intelligence: The New Standard Feature of Access Governance?
Date: Wednesday, May 15, 2013 Time: 15:00-16:00
Location: AUDITORIUM
Access Intelligence: The New Standard Feature of Access Governance?
Access Intelligence is a hot new topic within the discipline of Access Governance. But what is this really about? Is it just better reporting? Or is it about applying advanced Data Warehouse capabilities to analyze existing access rights, the use of them, the access risks etc.? Should it be built based on standard BI tools or should it become more tightly integrated? What is the real benefit compared to standard reporting of Access Governance tools? These are questions customers are raising...
Risk-based Access Management @Swiss Re
The objective of the Enhanced Access Management @Swiss Re is to improve and simplify access management. Shifting Swiss Re’s access rights philosophy from the "need-to-know", where only the information one needs to know is accessible, to the "need-to-protect" approach, a risk-based focus on protection of critical information. Strong business support and rule-based automation enabled this change.
Access Risk Management: Continuously Identifying and Tracking Access Risks
Date: Wednesday, May 15, 2013 Time: 17:00-18:00
Location: AUDITORIUM
Access Risk Management: Continuously Identifying and Tracking Access Risks
Ever since the big financial scandals, checking and reviewing of access rights, access rights concepts as well as compliance with the separation of functions in a company have been gaining more and more significance. We all know sensitive data in the wrong hands could cause substantial damage. Especially with growing IT landscapes and systems of multiple manufacturers it is important to overview the access rights situation continuously.
Let´s talk about segregation of duties (SoD),...
Cloud Governance
Sessions:
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
Date: Thursday, May 16, 2013 Time: 14:00-15:00
Location: AUDITORIUM
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
On February 7, 2013, the European Commission launched its cybersecurity strategy for the European Union (“Strategy”). As part of this Strategy, the European Commission also proposed a draft directive on measures to ensure a common level of network and information security (“NIS”) across the EU. The proposed Directive is a key component of this Strategy. It introduces a number of measures to enhance cybersecurity, including:
The requirement for EU Member States...
Compliance in Hybrid Clouds - Integrated Process Management Despite Regulatory Requirements?
How can hybrid clouds join together so that a user company operating the respective compliance requirements in the necessary deployment option (leave) and still be able to ensure a consistent and legally compliant process execution? Hybrid cloud connectivity capabilities are a key enabler of the near and long term usage of cloud services. During this session we will show what kind of different hybrid scenarios we see as applicable today at our members, what are the detailed challenges and...
Fast Tracking your Risk Strategy for the Cloud
Date: Thursday, May 16, 2013 Time: 15:00-16:00
Location: AUDITORIUM
Fast Tracking your Risk Strategy for the Cloud
Will your Cloud fail the next audit? Do you have a handle on your risk strategy for the Cloud? Is this level of maturity only suited for Enterprises? Can a smaller businesses do this effectively? This session will outline how to build a scalable Cloud risk strategy based on ISO 27005 and CSA Guidance. This talk will set the tone and enable delegates to come home and fast track a Cloud risk strategy.
Cloud Security is only valuable if you have a robust process to identify risk. Managing...
The Reason why RLB Moved to the Cloud
The presentation details how insecure RLB´s IT systems and infrastructure once were; the server infrastructure was held in a local government building with open public access, the building was classified by the British security services as being a terrorist target and there were periods where we couldn´t enter the building safely in case of an emergency because the building is often used for filming TV series (I walked past Robert Vaughan from "The Magnificent Seven" once!) and...
Top Ten Tips for Negotiating and Assuring Cloud Services
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: AUDITORIUM
Top Ten Tips for Negotiating and Assuring Cloud Services
How can an organization safely adopt cloud services to gain the benefits they provide? The easy availability of cloud services has sometimes led to line of business managers bypassing the normal procurement processes to obtain cloud services directly without any consideration of the governance and risks involved. There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This talk considers advice available and the practical approaches to negotiating...
Finance Industry Roundtable
Sessions:
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Date: Thursday, May 16, 2013 Time: 14:00-16:00
Location: WALCHENSEE
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Rosa’s presentation will outline the key considerations in selecting an enterprise IAM/IAG solution with focus an financial institutions. Areas to be covered include
business requirements,
architecture,
functionality,
integration,
compliance,
roadmap alignment
and much more.
Mastering the Challenge: Making Access Governance a Part of IT GRC and IT GRC a part of Enterprise GRC
Many organizations are facing sort of a “GRC sprawl”. There are many disparate initiatives for GRC (Governance, Risk Management, Compliance) at various levels of the organization and in different divisions. On the other hand, it is all about enforcing governance, meeting regulatory compliance requirements, and managing and mitigating risks. Access Governance, for instance, is about Access Risk. The only reason to do Access Governance is that Access Risks might result in...
Fighting Hydra – Strategies for Audit and Control of large Numbers of Applications
When setting up an access management and governance solution, large organizations often have to deal with hundreds of applications with different access control models. This creates various challenges on organizational and technical level, like for example: How should audit policies, attestation campaigns and request processes be set up across applications? How can reports and dashboards be tailored effectively? What is the most efficent approach with regards to connector technology?
This...
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: WALCHENSEE
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
The EU recently announced a broad cyber security strategy which will be accompanied by a Directive on Network and Internet Security (NIS Directive). The aim of this strategy is to to ensure a secure and trustworthy "digital life", while promoting and protecting fundamental democratic rights like privacy and data protection. The proposed NIS Directive has a similar layout like the critical infrastructure/cybersecurity program currently existing in the United States. However, it significantly...
Access Governance as a Multiyear and Multidimensional Program
Date: Wednesday, May 15, 2013 Time: 10:30-11:30
Location: AUDITORIUM
Access Governance as a Multiyear and Multidimensional Program
Access Governance: Why is it so difficult?
There is no easy way out!
Does Access Govenance have a business case?
It´s a multi-dimensional challenge therefore many stakeholders need to contribute (e.g. HR, IT, Business, Legal, Data protection)
How to define priorities?
Strong program governance is key
Access Governance & Intelligence at Deutsche Bank AG
Following the worldwide financial crisis all Financial Institutions are facing increasing regulatory requirements globally. A major focus is put on the evidence for having implemented a consistent approach to the “Segregation of Duties” (SoD) principle.
A key challenge is to not only achieve this within a specific application or organizational unit, but to continuously check and monitor the implementation across applications, business processes or entire departments in a...
Redefining Access Governance: Going well beyond Recertification
Date: Wednesday, May 15, 2013 Time: 11:30-12:30
Location: AUDITORIUM
Redefining Access Governance: Going well beyond Recertification
When looking back at the evolution of Access Governance, this is a history of change and rapid innovation. From the days of “Enterprise Role Management”, before the term Access Governance even was known, to common marketing terms like IAG (Identity and Access Governance) or Access Intelligence, a lot has happened. Virtually all major players have entered this market. Products became more mature. Access Governance has replaced Identity Provisioning as the typical starting point...
Access Governance: How to Govern all Access
Access Governance is a key building block in IAM (Identity and Access Management) deployments and as part of IT GRC. However, traditionally Access Governance focuses on managing access based on roles and thus on static assignments. It frequently lacks tight integration with Privilege Management for highly critical IT users like root, system accounts, or shared accounts. It also typically lacks support for managing business and security rules within Dynamic Authorization Management, for...
Sessions:
A Success Story Introducing User Access Management for an Energy Trading Company
Date: Wednesday, May 15, 2013 Time: 14:00-15:00
Location: AUDITORIUM
A Success Story Introducing User Access Management for an Energy Trading Company
Background and Motivation for introducing User Access Management
Project challenges
Critical success factors
Obstacles and how to overcome them
Recommendations and Lessons learned
IAM Governance Outside IT
For organizations that are under strong governance control and dealing with sensitive information on a daily basis, it is essential to know who has access to which data. One of the most important topics is to know this along the business process. Before granting access to data or applications there must be done several reviews to assure compliance. In the classical approach this is done in the organization manly with paperwork and organizational processes and ends then in the IT...
Access Intelligence: The New Standard Feature of Access Governance?
Date: Wednesday, May 15, 2013 Time: 15:00-16:00
Location: AUDITORIUM
Access Intelligence: The New Standard Feature of Access Governance?
Access Intelligence is a hot new topic within the discipline of Access Governance. But what is this really about? Is it just better reporting? Or is it about applying advanced Data Warehouse capabilities to analyze existing access rights, the use of them, the access risks etc.? Should it be built based on standard BI tools or should it become more tightly integrated? What is the real benefit compared to standard reporting of Access Governance tools? These are questions customers are raising...
Risk-based Access Management @Swiss Re
The objective of the Enhanced Access Management @Swiss Re is to improve and simplify access management. Shifting Swiss Re’s access rights philosophy from the "need-to-know", where only the information one needs to know is accessible, to the "need-to-protect" approach, a risk-based focus on protection of critical information. Strong business support and rule-based automation enabled this change.
Access Risk Management: Continuously Identifying and Tracking Access Risks
Date: Wednesday, May 15, 2013 Time: 17:00-18:00
Location: AUDITORIUM
Access Risk Management: Continuously Identifying and Tracking Access Risks
Ever since the big financial scandals, checking and reviewing of access rights, access rights concepts as well as compliance with the separation of functions in a company have been gaining more and more significance. We all know sensitive data in the wrong hands could cause substantial damage. Especially with growing IT landscapes and systems of multiple manufacturers it is important to overview the access rights situation continuously.
Let´s talk about segregation of duties (SoD),...
Cloud Governance
Sessions:
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
Date: Thursday, May 16, 2013 Time: 14:00-15:00
Location: AUDITORIUM
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
On February 7, 2013, the European Commission launched its cybersecurity strategy for the European Union (“Strategy”). As part of this Strategy, the European Commission also proposed a draft directive on measures to ensure a common level of network and information security (“NIS”) across the EU. The proposed Directive is a key component of this Strategy. It introduces a number of measures to enhance cybersecurity, including:
The requirement for EU Member States...
Compliance in Hybrid Clouds - Integrated Process Management Despite Regulatory Requirements?
How can hybrid clouds join together so that a user company operating the respective compliance requirements in the necessary deployment option (leave) and still be able to ensure a consistent and legally compliant process execution? Hybrid cloud connectivity capabilities are a key enabler of the near and long term usage of cloud services. During this session we will show what kind of different hybrid scenarios we see as applicable today at our members, what are the detailed challenges and...
Fast Tracking your Risk Strategy for the Cloud
Date: Thursday, May 16, 2013 Time: 15:00-16:00
Location: AUDITORIUM
Fast Tracking your Risk Strategy for the Cloud
Will your Cloud fail the next audit? Do you have a handle on your risk strategy for the Cloud? Is this level of maturity only suited for Enterprises? Can a smaller businesses do this effectively? This session will outline how to build a scalable Cloud risk strategy based on ISO 27005 and CSA Guidance. This talk will set the tone and enable delegates to come home and fast track a Cloud risk strategy.
Cloud Security is only valuable if you have a robust process to identify risk. Managing...
The Reason why RLB Moved to the Cloud
The presentation details how insecure RLB´s IT systems and infrastructure once were; the server infrastructure was held in a local government building with open public access, the building was classified by the British security services as being a terrorist target and there were periods where we couldn´t enter the building safely in case of an emergency because the building is often used for filming TV series (I walked past Robert Vaughan from "The Magnificent Seven" once!) and...
Top Ten Tips for Negotiating and Assuring Cloud Services
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: AUDITORIUM
Top Ten Tips for Negotiating and Assuring Cloud Services
How can an organization safely adopt cloud services to gain the benefits they provide? The easy availability of cloud services has sometimes led to line of business managers bypassing the normal procurement processes to obtain cloud services directly without any consideration of the governance and risks involved. There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This talk considers advice available and the practical approaches to negotiating...
Finance Industry Roundtable
Sessions:
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Date: Thursday, May 16, 2013 Time: 14:00-16:00
Location: WALCHENSEE
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Rosa’s presentation will outline the key considerations in selecting an enterprise IAM/IAG solution with focus an financial institutions. Areas to be covered include
business requirements,
architecture,
functionality,
integration,
compliance,
roadmap alignment
and much more.
Mastering the Challenge: Making Access Governance a Part of IT GRC and IT GRC a part of Enterprise GRC
Many organizations are facing sort of a “GRC sprawl”. There are many disparate initiatives for GRC (Governance, Risk Management, Compliance) at various levels of the organization and in different divisions. On the other hand, it is all about enforcing governance, meeting regulatory compliance requirements, and managing and mitigating risks. Access Governance, for instance, is about Access Risk. The only reason to do Access Governance is that Access Risks might result in...
Fighting Hydra – Strategies for Audit and Control of large Numbers of Applications
When setting up an access management and governance solution, large organizations often have to deal with hundreds of applications with different access control models. This creates various challenges on organizational and technical level, like for example: How should audit policies, attestation campaigns and request processes be set up across applications? How can reports and dashboards be tailored effectively? What is the most efficent approach with regards to connector technology?
This...
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: WALCHENSEE
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
The EU recently announced a broad cyber security strategy which will be accompanied by a Directive on Network and Internet Security (NIS Directive). The aim of this strategy is to to ensure a secure and trustworthy "digital life", while promoting and protecting fundamental democratic rights like privacy and data protection. The proposed NIS Directive has a similar layout like the critical infrastructure/cybersecurity program currently existing in the United States. However, it significantly...
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
Date: Thursday, May 16, 2013 Time: 14:00-15:00
Location: AUDITORIUM
The Upcoming Cybersecurity Strategy for the European Union - What does it mean for your Enterprise?
On February 7, 2013, the European Commission launched its cybersecurity strategy for the European Union (“Strategy”). As part of this Strategy, the European Commission also proposed a draft directive on measures to ensure a common level of network and information security (“NIS”) across the EU. The proposed Directive is a key component of this Strategy. It introduces a number of measures to enhance cybersecurity, including:
The requirement for EU Member States...
Compliance in Hybrid Clouds - Integrated Process Management Despite Regulatory Requirements?
How can hybrid clouds join together so that a user company operating the respective compliance requirements in the necessary deployment option (leave) and still be able to ensure a consistent and legally compliant process execution? Hybrid cloud connectivity capabilities are a key enabler of the near and long term usage of cloud services. During this session we will show what kind of different hybrid scenarios we see as applicable today at our members, what are the detailed challenges and...
Fast Tracking your Risk Strategy for the Cloud
Date: Thursday, May 16, 2013 Time: 15:00-16:00
Location: AUDITORIUM
Fast Tracking your Risk Strategy for the Cloud
Will your Cloud fail the next audit? Do you have a handle on your risk strategy for the Cloud? Is this level of maturity only suited for Enterprises? Can a smaller businesses do this effectively? This session will outline how to build a scalable Cloud risk strategy based on ISO 27005 and CSA Guidance. This talk will set the tone and enable delegates to come home and fast track a Cloud risk strategy.
Cloud Security is only valuable if you have a robust process to identify risk. Managing...
The Reason why RLB Moved to the Cloud
The presentation details how insecure RLB´s IT systems and infrastructure once were; the server infrastructure was held in a local government building with open public access, the building was classified by the British security services as being a terrorist target and there were periods where we couldn´t enter the building safely in case of an emergency because the building is often used for filming TV series (I walked past Robert Vaughan from "The Magnificent Seven" once!) and...
Top Ten Tips for Negotiating and Assuring Cloud Services
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: AUDITORIUM
Top Ten Tips for Negotiating and Assuring Cloud Services
How can an organization safely adopt cloud services to gain the benefits they provide? The easy availability of cloud services has sometimes led to line of business managers bypassing the normal procurement processes to obtain cloud services directly without any consideration of the governance and risks involved. There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This talk considers advice available and the practical approaches to negotiating...
Sessions:
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Date: Thursday, May 16, 2013 Time: 14:00-16:00
Location: WALCHENSEE
Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Rosa’s presentation will outline the key considerations in selecting an enterprise IAM/IAG solution with focus an financial institutions. Areas to be covered include
business requirements,
architecture,
functionality,
integration,
compliance,
roadmap alignment
and much more.
Mastering the Challenge: Making Access Governance a Part of IT GRC and IT GRC a part of Enterprise GRC
Many organizations are facing sort of a “GRC sprawl”. There are many disparate initiatives for GRC (Governance, Risk Management, Compliance) at various levels of the organization and in different divisions. On the other hand, it is all about enforcing governance, meeting regulatory compliance requirements, and managing and mitigating risks. Access Governance, for instance, is about Access Risk. The only reason to do Access Governance is that Access Risks might result in...
Fighting Hydra – Strategies for Audit and Control of large Numbers of Applications
When setting up an access management and governance solution, large organizations often have to deal with hundreds of applications with different access control models. This creates various challenges on organizational and technical level, like for example: How should audit policies, attestation campaigns and request processes be set up across applications? How can reports and dashboards be tailored effectively? What is the most efficent approach with regards to connector technology?
This...
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
Date: Thursday, May 16, 2013 Time: 16:30-17:30
Location: WALCHENSEE
How will the Directive on Network and Information Security (NIS) Proposed by EU affect Critical Banking & Insurance Infrastructures?
The EU recently announced a broad cyber security strategy which will be accompanied by a Directive on Network and Internet Security (NIS Directive). The aim of this strategy is to to ensure a secure and trustworthy "digital life", while promoting and protecting fundamental democratic rights like privacy and data protection. The proposed NIS Directive has a similar layout like the critical infrastructure/cybersecurity program currently existing in the United States. However, it significantly...
Stay Connected
European Identity & Cloud Conference 2013
- Language:
- English
- Registration fee:
-
€1980.00
$2475.00
S$3168.00
21780.00 kr
INVOICE
- Contact person:
-
Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
- May 14 - 17, 2013 Munich/Germany
Partners
The European Identity & Cloud Conference 2013 is proud to present a large number of partners
Learn more
How can we help you