...
Responsibility | Category |
---|---|
Assess existing IAM capabilities, develop a risk-based IAM strategic roadmap aligned with the organization's goals, and obtain top management sponsorship for it | |
Embrace Identity and Access Management holistically, including Workforce IAM, 3rd Party IAM, Client IAM, Object IAM, Technical IAM or PAM, and Physical Access | |
Assure that the IAM function and program are supervised by adequate governing bodies | |
Design and implement IAM policies that establish clear requirements and accountability for IAM topics | |
Develop an IAM technological roadmap to sustain the organization's digital transformation | |
Find, recruit, train and develop IAM talent | |
Design and implement an authorization process that assures the legitimacy and appropriateness of access permissions | |
Assure coverage of IAM processes over the information system by dynamically integrating IT Asset Management inventories | |
Identify and analyze IAM-related risks in alignment with the organization's risk management framework | |
Conduct regulatory and industrial watch to identify regulatory, contractual and industrial requirements and best practices | |
Facilitate and provide evidence for internal and external audits on IAM-related topics and manage related findings and recommendations | |
Embed IAM requirements by design in the SDLC, Project, and Change Management processes | |
Assure adequate traceability in IAM processes to fulfill compliance and security requirements | |
Reconcile systems with authorizations to identify and act upon anomalous identities and accesses | |
Use data analytics to identify and respond to anomalous identities, accesses, and behaviors | |
Effectively implement IAM remediation plans to mitigate IAM-related risks | |
Assure identity proofing and XXX | |
Implement role-based and other access control models to assure least privilege and its specialized form, need-to-know | |
Design, implement, and execute IAM controls to efficiently and effectively assure compliance with regulatory, contractual and industrial best practice requirements | |
Home office and remote access | |
Privileged and technical access management | |
Off-boarding and security | |
Mitigate fraud and accidents by deploying SoD and toxic rights controls | |
Deploy authentication mechanisms whose robustness is commensurate with risk | |
Clean the information system of orphaned accounts | |
Recertification | |
Remediate anomalous identities and accesses | |
Define and implement a password and secrets management policy | |
Federation with 3rd parties | |