Most financial institutions today have sophisticated risk management tools in place, perhaps even profiling traders and their habits, searching email traffic for keywords that might point to fraudulent activity, and much more. But what is the point of all that if authorizations and privileges are not provisioned or, more importantly, de-provisioned in time, and if access to internal applications is not secured with strong authentication or even biometric identification? Banks do not leave the doors of their bullet-proof safes open, so why do they leave access open to applications through which billions of euros can be moved to places they are not supposed to go?
Cases like the recent one at Société Générale show that internal risks can only be kept at a manageable level through an integrated Enterprise GRC and Identity Management strategy. This panel will highlight and discuss various types of internal threats and outline the key points of a strategy for containing them.
What is necessary to track down manipulation of (financial) applications? How can regulatory compliance be audited and monitored in a cost-sensitive yet effective way? Dr. Boehmer has worked on a model for automated monitoring of the fulfilment of legal, institutional, and organizational requirements, which he calls "compliance analysis". Classic methods for safeguarding corporate networks can primarily be described in terms of first-order logic, e.g. signatures, patterns and rule systems; for compliance analysis, by contrast, the methods of knowledge-based systems (data mining) are more advisable. Boehmer's model is borrowed from criminology and is referred to as compliance profiling.
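To make the contrast between the two approaches concrete, the following is an added illustration, not Boehmer's model and not code from the panel or its speakers: a first-order rule check (fixed predicates such as a limit breach or a booking from an account that is no longer provisioned) is run next to a profile-based check that learns each trader's habitual notional from past trades and flags deviations. All trade records, limits, the account inventory and the threshold are constructed for the example.

```python
# Added illustration of rule-based vs. profile-based compliance checks.
# Not Boehmer's compliance-profiling model; all data below is constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline history: trader -> notionals (EUR millions) of past trades.
HISTORY = {
    "trader_a": [1.0, 1.1, 0.9, 1.0, 1.2, 0.8, 1.0, 1.1, 0.9, 1.0],
    "trader_b": [5.0, 5.5, 4.5, 5.0, 5.2, 4.8, 5.0, 5.1, 4.9, 5.0],
}

# Constructed per-trader limits and the identity inventory of active accounts.
LIMITS = {"trader_a": 10.0, "trader_b": 10.0}
ACTIVE_ACCOUNTS = {"trader_a", "trader_b"}

# Constructed trades of the day to be checked.
TRADES = [
    {"id": 1, "trader": "trader_a", "notional": 1.0},   # habitual size
    {"id": 2, "trader": "trader_a", "notional": 6.0},   # under limit, far from habit
    {"id": 3, "trader": "trader_b", "notional": 12.0},  # over limit
    {"id": 4, "trader": "trader_c", "notional": 0.5},   # account not provisioned
]


def rule_check(trade):
    """First-order rules: fixed predicates evaluated over a single trade."""
    findings = []
    if trade["trader"] not in ACTIVE_ACCOUNTS:
        findings.append("unknown-or-deprovisioned-account")
    limit = LIMITS.get(trade["trader"])
    if limit is not None and trade["notional"] > limit:
        findings.append("limit-breach")
    return findings


def build_profiles(history):
    """Per-trader profile learned from past behaviour: mean and spread of notional."""
    return {t: (mean(v), pstdev(v)) for t, v in history.items() if len(v) >= 2}


def profile_score(trade, profiles):
    """Z-score of this trade against the trader's own profile; None if no profile."""
    prof = profiles.get(trade["trader"])
    if prof is None:
        return None
    mu, sigma = prof
    if sigma == 0:
        # Degenerate history: any change from the constant value is a deviation.
        return 0.0 if trade["notional"] == mu else float("inf")
    return (trade["notional"] - mu) / sigma


def run_checks(trades, profiles, threshold=4.0):
    """Return {trade id: list of findings} combining both approaches."""
    report = defaultdict(list)
    for tr in trades:
        report[tr["id"]].extend(rule_check(tr))
        z = profile_score(tr, profiles)
        if z is None:
            report[tr["id"]].append("no-profile")
        elif abs(z) > threshold:
            report[tr["id"]].append(f"profile-deviation z={z:.1f}")
    return dict(report)


if __name__ == "__main__":
    for tid, findings in run_checks(TRADES, build_profiles(HISTORY)).items():
        print(tid, findings or ["ok"])
```

Trade 2 is the interesting case: it passes every rule because it stays under the limit, and only the profile built from the trader's own history flags it. Trade 4 shows the other half of the argument on this page: an account that is not in the provisioning inventory has no profile at all, so identity data is a precondition for profiling, not a separate concern.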