Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity and Access Management

Published byGabriella Cook Modified over 6 years ago

Similar presentations

Presentation on theme: "Identity and Access Management"— Presentation transcript:

1 Identity and Access Management
Jackie D’Amato

2 What is Identity and Access Management (IAM)?
The process of managing who has access to what information over time IAM processes are used to: Initiate Capture Record Manage

3 Reasons for IAM Projects
Improved regulatory compliance Reduced information security risk Reduced IT operating and development costs Improved operating efficiencies and transparency Improved user satisfaction Increased effectiveness of key business initiatives

4 Concepts IAM attempts to answer 3 questions:
Who has access to what information Is the access appropriate for the job being performed? Is the access and activity monitored, logged and reported appropriately?

5 Relationship between IAM and Key Concepts

6 Identity Mgmt v. Entitlement Mgmt
IAM Process: designed to initiate, modify, track, record, and terminate specific identifiers associated w/ each account Entitlement Management: designed to initiate, modify, track, record and terminate the entitlements or access permissions assigned to user accounts

7 Access Rights & Entitlements
Access rights should be approved by the business owner and reviewed by IT department Privileged accounts should be monitored Access rights granted to all identities should be reviewed periodically Organizations should document their access rights policies and procedures

8 Provisioning Process

9 Periodic Audits Should consist of:
Identification of highest to lowest risk ID concentration Re-examination of process design Examination of operating effectiveness Review of provisioning process Examination of enforcement activity effectiveness Examination of administrative activity effectiveness

10 Internal Auditors Need to understand current IAM system:
Business architecture Policies Laws, regulations, mandates Budget Timeline Business requirements After audit, evaluate IAM and entitlement management

11 Questions??

Download ppt "Identity and Access Management"

Similar presentations

An Internal Control Overview

An Internal Control Overview
California Department of Food and Agriculture

California Department of Food and Agriculture
PRESENTED BY: TANESHA STOKES, VCO OF THE AUDITOR OF PUBLIC ACCOUNTS Procurement and the Auditor.

PRESENTED BY: TANESHA STOKES, VCO OF THE AUDITOR OF PUBLIC ACCOUNTS Procurement and the Auditor.
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Carl D. Perkins Career & Technical Education Act of 2006 The Law, The Myths, The Legends February 2015.

Carl D. Perkins Career & Technical Education Act of 2006 The Law, The Myths, The Legends February 2015.
Internal Control.

Internal Control.
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.

Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Internal Control and Internal Audit

Internal Control and Internal Audit
Eleonora Babayants Galaxy Consulting. Information Governance  It is the set of policies, procedures, processes, roles, metrics, and controls implemented.

Eleonora Babayants Galaxy Consulting. Information Governance  It is the set of policies, procedures, processes, roles, metrics, and controls implemented.
By Taver Chong, SFSU Associate Internal Auditor –

By Taver Chong, SFSU Associate Internal Auditor –
1 LOGICAL ACCESS FOR University Medical Group Saint Louis University Click the Speaker Icon for Audio.

1 LOGICAL ACCESS FOR University Medical Group Saint Louis University Click the Speaker Icon for Audio.
General Motors Corporation 2008 Identity and Access Management Stuart McCubbrey Director, Information Technology Audit General Motors Corporation IIA Detroit.

General Motors Corporation 2008 Identity and Access Management Stuart McCubbrey Director, Information Technology Audit General Motors Corporation IIA Detroit.
The Importance of Compliant Identity & Access Management in Insurance Tuncay Küçüktaş - Aksigorta Assistant General Manager, CIO.

The Importance of Compliant Identity & Access Management in Insurance Tuncay Küçüktaş - Aksigorta Assistant General Manager, CIO.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.

C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.

Similar presentations

Ads by Google