critiques on this paper
Management Briefing: Identity Governance & Admin — Fowler
Jimmy Fowler posted Nov 6, 2017 8:17 PM
As leaders and managers in Sifers-Grayson, it is important to understand the ever-changing world dealing with information technology and cyber security, and why investing in an Identity Governance and Administration solution should be considered.
Before discussing solutions, we should define the problem. According to ISACA, governance is ensuring stakeholder needs, conditions and options are balanced to monitor performance and compliance. From what I can tell, it appears the current process Sifers-Grayson follows for issuing computer accounts is to fill out some paperwork and then an account on a computer is issued. At least the company has a paper trail; however, this leads to a lack of responsible network management and accountability, and does not meet the minimum security practice. The problem associated with this is the lack of identity management and understanding of typical user behavior, being able to quickly run forensics, auditing and enforcing of policy and compliance.
Our founding fathers placed checks and balances when designing our government. As information owners, it is important to adopt the same thought process when dealing with the company network. Establishing “Separation of duties is a classic security method to manage conflict of interest, the appearance of conflict of interest, and fraud. It restricts the amount of power held by any one individual” (Gregg, Nam, Northcutt). Coupled with this security practice is ensuring policies are in place to enforce least privilege operations. Least privilege is essentially allowing only the permissions required for that individual to do their job. For example, we do not need an accounting executive to have full domain administrator rights just because they need to encrypt a file. Nor do you want your IT administrator checking their email or surfing the web in their full domain administrative role. They should only access those accounts as necessary; day-to-day operations should be accomplished with their regular user permissions.
Adopting an identity management software solution will help shore up the gaps in network security mentioned above, specifically role-based access control, where the user is automatically stripped of system accesses not required for their job. For example, Kaseya offers a product called AuthAnvil (not endorsed by me) which protects company data by allowing only those authorized to access it and has a complete and integrated Identity and Access Management solution. There are many commercially available products to help with Identity Governance and Administration solutions.
As you can see, implementing commercial solutions is an easy fix to a somewhat complicated IT problem set. As managers of key departments, it is imperative for you to understand the risk involved with company IT systems and make an educated decision for the strategic future of Sifers-Grayson.
References:
Glossary. (n.d.). Retrieved November 06, 2017, from https://www.isaca.org/Pages/Glossary.aspx?tid=1443…
Olzak, T. (2016, August 30). Identity governance and admin: beyond basic access management. Retrieved November 06, 2017, from https://www.csoonline.com/article/3113451/security/identity-governance-and-admin-beyond-basic-access-management.html
Gregg, J., Nam, M., Northcutt, S., & Pokladnik, M. (n.d.). Security Laboratory. Retrieved November 06, 2017, from https://www.sans.edu/cyber-research/security-laboratory/article/it-separation-duties
Chong, F. (2004, July). Identity and Access Management. Retrieved November 06, 2017, from https://msdn.microsoft.com/en-us/library/aa480030.aspx


