Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Based Identity Governance Ken Willén, Senior System Engineer NetIQ.

Published byGrant Hoover Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk Based Identity Governance Ken Willén, Senior System Engineer NetIQ."— Presentation transcript:

1 Risk Based Identity Governance Ken Willén, Senior System Engineer NetIQ

2 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 2 Identity governance is often a time-consuming necessity, of which it can be hard to prove the business value With Risk Based Governance, the required re- certifications will be based on the risk the different entitlements poses to the business and the employees actual use or misuse of them

3 3 All types of attacks misuse Identities! Insider attacks Accidental disclosures Hackers Advanced Persistent Threats

4 Identity is the key

5 5 Focus on the basics Identity, Access & Security together Enforce access controls Monitor user activity Minimize rights

6 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 6 Minimize rights - Re-Certification

7 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 7 The Burden of Re-certification Cost: Static re-certification schema: – Re-certification of users with no change Security: Re-certification according to potential risk – Re-certification schema does not follow increased/de-creased actual company risk – Re-certification is done with no insight in real use or potential misuse of entitlements – Too many re-certifications leads to bulk execution

8 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 8 Risk Based Re-Certification - Identity, Access and Security Together Has he logged on to the application in the last 6 month? Do he show suspicious behavior on high risk applications? Has his entitlements changed since the last full review?

9 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 9 Context Enrichment

10 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 10 Summary Identities poses a threat to our business Re-certification can minimize risk - but is costly Risk Based Re-certification improves security and reduces costs

11 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. 11

12

13 This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. Copyright © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other countries.

Download ppt "Risk Based Identity Governance Ken Willén, Senior System Engineer NetIQ."

Similar presentations

Validator for Identity Manager Save Time, Improve Quality and Reduce Deployment Costs.

Validator for Identity Manager Save Time, Improve Quality and Reduce Deployment Costs.
Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.

Confidential & Proprietary to Cooper Compliance Corporation Revised September 8, 2014 AUDiT-READY TM.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
© 2011 Autodesk Go Big or Go Home! Part 1 – Large Scale Autodesk Vault Deployments Irvin Hayes Jr. Technical Product Manager.

© 2011 Autodesk Go Big or Go Home! Part 1 – Large Scale Autodesk Vault Deployments Irvin Hayes Jr. Technical Product Manager.
Damian Leibaschoff Support Escalation Engineer Microsoft.

Damian Leibaschoff Support Escalation Engineer Microsoft.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Novell Vibe Webinar: Basic Business Issues March 6 th and 8 th Adam Wingate, Justin Larson, Landon Stott, Craig Altom Vibe Resource Library

Novell Vibe Webinar: Basic Business Issues March 6 th and 8 th Adam Wingate, Justin Larson, Landon Stott, Craig Altom Vibe Resource Library
50 Migrations in Less Than 24 Hours Name Title Date.

50 Migrations in Less Than 24 Hours Name Title Date.
02 | Managing Users, Groups, and Licenses Anthony Steven | Principal Technologist, Content Master Martin Coetzer | Portfolio Architect, Microsoft.

02 | Managing Users, Groups, and Licenses Anthony Steven | Principal Technologist, Content Master Martin Coetzer | Portfolio Architect, Microsoft.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.

Executive Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.
Technical Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.

Technical Overview. PLEASE READ (hidden slide) To deliver this presentation effectively, you need to be familiar with Windows Server 2008 R2 management.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
| |

| |
What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
© 2011 Autodesk Suites and CAD Managers Jerry Milana Autodesk Consulting.

© 2011 Autodesk Suites and CAD Managers Jerry Milana Autodesk Consulting.

Similar presentations

Ads by Google