- IAM is a subset of IT Governance (should we have an identity arm of IT Governance, or should IAM run a governance meeting of its own?)
- Access in IAM is risk mitigation
- IAM-GRCM - controlling activities and compliance in enterprise apps
- GRCM is required to deliver "best practices"
- GRCM is heterogeneous and complex, requiring heterogeneous IAM infrastructure
- Addressing GRCM is IAM showing "maturity", and it increases success and quality
- How does IAM cut costs? (this is straightforward)
- Trends in IAM GRCM
- IT Austerity Programs - what are the assets in the organization (identity, entitlement, roles)
- Why IAM Suite?
- Cost savings, GRCM with risk-based decisions, best-in-class GRCM (don't expect just one comprehensive IT tool for it)
- Deliver transparency of information while establishing "principles of privilege" to reduce litigation concerns and overall risk
- The biggest challenge of IAM is figuring out what access to give people
- IAM Maturity
- Infrastructure procedures ---> business processes
- Security basic ---> managing risk
- Coarse grained access ---> fine grained access
- Seven Ps of GRCM
- Principles
- Policies
- Practices
- Processes
- People
- Products
- Production
- IAM timeline
- 2008 IAM to IT Services
- 2012 Business Enablement
- 2016 Profitability
- GRCM timeline
- Today - Compliance
- 2008 - Risk Management
- 2012 - Profitability
- Multi-regulatory, Cross enterprise - business stakeholders should get into compliance, reports, audits, defining access