NewsDude
09-15-2008, 03:30 PM
Imagine that you're on the golf course, one of your clones is at work, and the other clone is preparing dinner. It sounds like a perfect scenario until the clone at work gets fired and the other clone burns down your house. Just as managing multiple physical identities would present challenges and expose you to greater risk, managing or auditing multiple logical identities, like user IDs, passwords, and permissions on various systems, poses a formidable challenge and greatly increases risk exposure. This is where identity and access management (IAM) comes in.
Identity management addresses the difficulties encountered when one physical user has separate user IDs and passwords on multiple systems and applications. Access management addresses the challenges associated with the specific access rights and permissions of multiple user IDs. Identity and access management becomes more burdensome as the size and complexity of the company grows. This article focuses on the benefits, risks, leading practices and audit considerations of both identity and access management.
Evaluating the IAM Business Case
Generally, the larger and more complex your organization, the greater the potential benefit that would be derived from software-based IAM. Alternatively, smaller and less complex organizations may find that simply performing an IAM readiness review could generate policy and process improvements that would facilitate compliance and information-security initiatives that would allow the organization to realize benefits without implementing new software.
Policy and process improvements include user ID naming conventions; process work instructions that clearly detail steps for user administration functions; defined segregation of duties policies; and user ID reviews that focus on higher risk systems. Standard cost/benefit models can be used to generate a realistic IAM business case as long as the model adequately considers implementation risks and a thorough analysis of a company's unique business circumstances.
Benefits of IAM to Internal Control
Compliance with Sarbanes-Oxley section 404...
More... (http://www.toptechnews.com/story.xhtml?story_id=61841)
Identity management addresses the difficulties encountered when one physical user has separate user IDs and passwords on multiple systems and applications. Access management addresses the challenges associated with the specific access rights and permissions of multiple user IDs. Identity and access management becomes more burdensome as the size and complexity of the company grows. This article focuses on the benefits, risks, leading practices and audit considerations of both identity and access management.
Evaluating the IAM Business Case
Generally, the larger and more complex your organization, the greater the potential benefit that would be derived from software-based IAM. Alternatively, smaller and less complex organizations may find that simply performing an IAM readiness review could generate policy and process improvements that would facilitate compliance and information-security initiatives that would allow the organization to realize benefits without implementing new software.
Policy and process improvements include user ID naming conventions; process work instructions that clearly detail steps for user administration functions; defined segregation of duties policies; and user ID reviews that focus on higher risk systems. Standard cost/benefit models can be used to generate a realistic IAM business case as long as the model adequately considers implementation risks and a thorough analysis of a company's unique business circumstances.
Benefits of IAM to Internal Control
Compliance with Sarbanes-Oxley section 404...
More... (http://www.toptechnews.com/story.xhtml?story_id=61841)