The German Telecommunications Act (TKG) and the German Banking Act §44 (Kreditwesengesetz) require a set of GRC rules to be met by every financial organization, such as banks, insurance companies and even their respective IT service providers. In addition, many organizations face potential risks from outside the organization as well as from inside. In 2010, Fiducia IT AG launched an initiative to meet GRC requirements regarding its data. One of these requirements emphasized introducing and implementing a role and access model (RBAC) based on business roles.
Attendees will learn about the challenge, the objectives and the approach of introducing an RBAC model for an IT service provider, including role mining, separation of duties, internal controls, etc. You'll get an impression of how different parts of an organization take responsibility for, or benefit from, this approach, e.g. IT Services, IT Security or Corporate Organization.
The finance industry is currently the industry under the strongest regulatory pressure. But others aren't that far away - think about utilities, think about eGovernment or healthcare. And for the ones who don't feel under pressure yet: this will happen. Incidents like Wikileaks (threatening non-governments right now), information theft and the generally increased awareness will change what organizations have to do. Thus it is time to understand why and how you should act to be ready before it is too late.