The German Telecommunications Act (TKG) and §44 of the German Banking Act (Kreditwesengesetz) require every financial organization, such as banks, insurance companies and even their respective IT service providers, to meet a set of GRC rules. In addition, many organizations face potential risks from outside as well as inside the organization. In 2010, Fiducia IT AG launched an initiative to meet GRC requirements regarding its data. One of these requirements emphasized introducing and implementing a role and access model (RBAC) based on business roles.
Attendees will learn about the challenge, the objectives and the approach of introducing an RBAC model for an IT service provider, including role mining, separation of duties, internal controls, etc. You'll get an impression of how different parts of an organization, e.g. IT Services, IT Security or Corporate Organization, take responsibility for or benefit from this approach.