Getting in control with regard to users and their authorizations is probably one of the most mentioned goals of IAM projects in the last couple of years. It sounds good, it feels good and it fits the GRC business speak perfectly. But many IAM projects have been and probably are struggling. Execution requires perseverance and effective change management. Due to budget cuts, project scope changes and seemingly everlasting emerging technologies the desired business ability to prove being in control unfortunately remains a challenge. In his presentation Dennis will share key lessons learned of several Access Governance projects carried out in 2009 and of projects still in flight.
When does Identity Risk become material to the business? How do we know when such risks become realized? Where do IT GRC controls appear in a multi-level risk strategy? These are some of the questions that large organizations are starting to ask. We present some answers for debate on this topic.
Ships that pass in the night, and speak each other in passing, only a signal shown, and a distant voice in the darkness; So on the ocean of life, we pass and speak one another, only a look and a voice, then darkness again and a silence." Is this an accurate description of identity management and GRC projects? Or, are identity management and GRC projects so closely related that there are no identity management projects but just GRC projects? In this session Jackson Shaw will discuss the business and technical drivers of GRC and IAM projects along with who are the “personas” in an organization who are driving these projects all to answer these questions: Is identity management dead? Is GRC the new identity management?