Access Governance

  •  TYPE: Track    START DATE: Wednesday, May 15, 2013     START TIME: 14:00    LOCATION:  AUDITORIUM
Parent Track


Access Governance, also called Identity and Access Governance (IAG) is a core discipline in any GRC (Governance, Risk Management, Compliance) initiative on one hand and also in any IAM (Identity and Access Management) initiative. Access Governance is about managing and governing access to systems and information, both on-premise and in the cloud. It is thus about reducing Access Risks. Specific Access Risk Management is one of the disciplines within Access Governance. Another one is Access Intelligence, which allows to analyze current access rights and identify access risks. Other elements are Access Request Management, centralized Access Warehouses, the support for standardized, efficient Access Attestation/Recertification, and Enterprise Role Management. The latter supports the common approaches of Role Based Access Controls but also delivers important role information as a core attribute in more advanced authorization concepts of ABAC (Attribute Based Access Control).

Continuing Education Credits

Prerequisites: None
Advance Preparation: None
Learning Level: Intermediate
Field: Computer Science

After attending this block you will be able to:

  • Explain why access governance is difficult to achieve
  • Define the stakeholders for access governance within the organization
  • Explain why Segregation of Duties is important to access governance
  • Describe how access governance is maturing beyond simple recertification of access rights
  • Describe the future trends in the market around expanding Access Governance to all types of access and to support for direct reconciliation
  • Describe how access governance was successfully introduced in an energy trading company
  • Describe how access governance processes were implemented in a bank using a central system.
  • Explain what access intelligence means in practice
  • Describe how an organization used COBIT 5 to assess access risks and launch a global identity  and access governance programme
  • Explain how to continuously identify and track access risks

This block qualifies for up to 5 Group Learning based CPEs depending on the number of sessions you attend.


A Success Story Introducing User Access Management for an Energy Trading Company

Date: Wednesday, May 15, 2013 Time: 14:00-15:00

A Success Story Introducing User Access Management for an Energy Trading Company
Dr. Carsten Mielke, E.ON Energy Trading SE

Background and Motivation for introducing User Access Management Project challenges Critical success factors Obstacles and how to overcome them Recommendations and Lessons learned

IAM Governance Outside IT
Ulrich Haumann, HypoVereinsbank

For organizations that are under strong governance control and dealing  with sensitive information on a daily basis, it is essential to know who has access to which data. One of the most important topics is to know this along the  business process. Before granting access to data or applications there must be done several reviews to assure compliance. In the classical approach this is done in the organization manly with paperwork and organizational processes and ends then in the IT...

Access Intelligence: The New Standard Feature of Access Governance?

Date: Wednesday, May 15, 2013 Time: 15:00-16:00

Access Intelligence: The New Standard Feature of Access Governance?
Darran Rolls, KuppingerCole / Cloud 10 • Niels von der Hude, Beta Systems Software • Rick Wagner, NetIQ • Thierry Winter, Evidian • Olivier Bandle, Cambridge Technology Partners • Abhimanyu Yadav, Simeio Solutions

Access Intelligence is a hot new topic within the discipline of Access Governance. But what is this really about? Is it just better reporting? Or is it about applying advanced Data Warehouse capabilities to analyze existing access rights, the use of them, the access risks etc.? Should it be built based on standard BI tools or should it become more tightly integrated? What is the real benefit compared to standard reporting of Access Governance tools? These are questions customers are raising...

Risk-based Access Management @Swiss Re
Daniel Frei, Swiss Reinsurance Company Ltd

The objective of the Enhanced Access Management @Swiss Re is to improve and simplify access management. Shifting Swiss Re’s access rights philosophy from the "need-to-know", where only the information one needs to know is accessible, to the "need-to-protect" approach, a risk-based focus on protection of critical information. Strong business support and rule-based automation enabled this change.

Access Risk Management: Continuously Identifying and Tracking Access Risks

Date: Wednesday, May 15, 2013 Time: 17:00-18:00

Access Risk Management: Continuously Identifying and Tracking Access Risks
Stefan Dodel, Oracle • Henk van der Heijden, CA Technologies • Sabrina Weimer, G+H Netzwerk-Design • Andrea Rossi, IBM

Ever since the big financial scandals, checking and reviewing of access rights, access rights concepts as well as compliance with the separation of functions in a company have been gaining more and more significance. We all know sensitive data in the wrong hands could cause substantial damage. Especially with growing IT landscapes and systems of multiple manufacturers it is important to overview the access rights situation continuously. Let´s talk about segregation of duties (SoD),...


European Identity & Cloud Conference 2013

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 14 - 17, 2013 Munich/Germany