Most financial institutions nowadays have sophisticated risk management tools in place, maybe even profiling traders and their habits, searching email traffic for keywords which might be worth checking for fraudulent activities, and much more. But what sense would all that make, if authorizations and priviliges are not provisioned or, more important, de-provisioned in time, and if access to internal applications is not secured with strong authentication and even biometric identification? If banks don't leave the doors of their bullet-proof safes open - why do they leave access to applications open, where billions of Euros can be moved to places where they are not supposed to be moved to?
Cases like the recent one at Société Générale show that internal risks can only be kept at a manageable level through an integrated Enterprise GRC & Identity Management strategy. This panel will highlight and discuss various types of internal threats and mark the key points of such a strategy eliminating these threats.