Because of IT risk management, compliance sits at the center of the
IT agenda in many companies. Above all, this means that allocations
and revisions of access authorizations must be securely documented and
always available for risk analysis. Failure to meet these minimum
requirements, which really are standard procedures, leads to increased
difficulties, for example a lower result in a company’s credit
screening.
A CIO might ask him/herself how the revision requirements for access
authorizations can be met. Only one approach within a company comes
into consideration: one that can handle the allocation processes and
can also display current and past authorizations.
Often the goal is to gain an overview of the actual authorizations
in a company. With a well-organized IPM solution it is possible to
grant centralized as well as decentralized authorizations and also
to monitor them.
The Identity & Provisioning Management system offers a multitude of
functions which considerably support compliance and revision of an
authorization structure.
Internal control system (ICS)
To achieve optimal support for compliance, it is necessary to use an
internal control system (ICS) that monitors security policies.
The ICS in bi-Cube® monitors the admissibility of processes, controls
security components and detects conspicuous processes. An integrated
SSO supports the ICS by making it possible to monitor dynamic
information, for example a high usage rate of censored applications
and the usage of those systems at certain times of the day.
Security Classifications
The basis of the ICS is the allocation of a Security Classification (SC)
to all objects and attributes. A new user is assigned an SC based on
his/her job description. This can be changed accordingly.
Additionally, an SC can be allocated to selected roles and systems or
attributes.
- Unmarked
- Unclassified
- Restricted
- Confidential
- Secret
- Top Secret
With the SC, certain roles can thus be assigned only to internal
employees, or a role that allows access to confidential enterprise
data can be assigned only to management with the classification
'Top Secret'. The SC is the basis on which the ICS can, for example,
detect conspicuous processes.
With the SC, adequate security guidelines are defined. This could result
in setting up security tests and a warning system for the early
detection of conspicuous processes.
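The classification check described in this section, sketched as an added example (not bi-Cube® code). It assumes the six levels rank from lowest to highest in the order listed above; the names User, Role, violations and conspicuous and all sample data are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum

class SC(IntEnum):
    # Assumption: the levels rank in the order the page lists them.
    UNMARKED = 0
    UNCLASSIFIED = 1
    RESTRICTED = 2
    CONFIDENTIAL = 3
    SECRET = 4
    TOP_SECRET = 5

@dataclass(frozen=True)
class User:
    name: str
    sc: SC          # assigned from the job description
    internal: bool  # internal employee or external

@dataclass(frozen=True)
class Role:
    name: str
    required_sc: SC
    internal_only: bool = False

def violations(user: User, role: Role) -> list[str]:
    """Reasons an assignment breaks the SC policy (empty list = allowed)."""
    reasons = []
    if user.sc < role.required_sc:
        reasons.append(f"SC {user.sc.name} below required {role.required_sc.name}")
    if role.internal_only and not user.internal:
        reasons.append("role is reserved for internal employees")
    return reasons

def conspicuous(assignments):
    """Scan existing (user, role) pairs and report the ones violating the policy."""
    return [(u.name, r.name, why) for u, r in assignments if (why := violations(u, r))]

# Constructed sample data, not taken from any real system.
ALICE = User("alice", SC.TOP_SECRET, internal=True)
BOB = User("bob", SC.RESTRICTED, internal=True)
CAROL = User("carol", SC.CONFIDENTIAL, internal=False)
FINANCE = Role("finance-data", SC.TOP_SECRET, internal_only=True)
HELPDESK = Role("helpdesk", SC.RESTRICTED)
```

Running `conspicuous` over the full list of current assignments gives the review queue: every pair it returns was either granted before a classification changed or bypassed the check at grant time.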
Reports
It is vital for an enterprise to be able to generate structured
reports of accesses at all times for revision and auditing purposes.
With bi-Cube® it is possible to gain an overview of present activities
in the IPM via the web:
WHO did WHAT for WHOM and WHEN.
With bi-Cube®, reports can be created for users, systems, roles,
organizations and processes.
Every report can be exported in the text format CSV (character-separated
values) and thus processed further. Beyond that, bi-Cube® offers
countless report functions such as deadline reports or User-Life-Cycle
reports.
Secured operational concept
The secured IPM operational concept separates modelling from the
productive system and inserts an “approving authority”, which releases
specified modelling before it can operate productively.
The core of this structure is the following development system:

Revision security with bi-Cube® by:
- proper and transparent administration of competences
- function-related competences through the concept of roles
- temporary absences are also taken into account
- no use of invalid authorizations in sub-systems
- separate competences for remote access (example: web to host)
- process transparency by complete traceability of application process