Mission

Assure that only the right people and entities have the right access at the right time to enable the organization to securely reach its goals.

...

Responsibility

Domain

Category

Assess existing IAM capabilities, develop a risk-based IAM strategic roadmap aligned with the organization's goals and obtain top management sponsorship for it

All

Governance

Embrace Identity and Access Management holistically, including Workforce IAM, 3rd Party IAM, Client IAM, Object IAM, Technical IAM or PAM, and Physical Access

All

Governance

Assure that the IAM function and program are supervised by and report to adequate governing bodies

All

Governance

Design and implement IAM policies that establish clear requirements and accountability for IAM topics

All

Governance

Develop an IAM technological roadmap to sustain the organization's digital transformation

All

Governance

Find, recruit, retain, train, and develop IAM talent

All

Governance

Design and implement authorization processes that assure the legitimacy and appropriateness of access permissions

All

Governance

Assure coverage of IAM processes over the information system by dynamically integrating IT Asset Management inventories

All

Identify

Identify and analyze IAM-related risks in alignment with the organization's risk management framework

All

Identify

Conduct regulatory and industrial watch to identify regulatory, contractual and industrial requirements and best practices

All

Identify

Facilitate and provide evidence for internal and external audits on IAM-related topics and manage related findings and recommendations

All

Identify

Embed IAM requirements by design in the SDLC, Project, and Change Management processes

All

Identify

Assure adequate traceability in IAM processes to fulfill compliance and security requirements

All

Identify

Reconcile systems with authorizations to identify and act upon anomalous identities and accesses

All

Identify

Use data analytics to identify and respond to anomalous identities, accesses, and behaviors

All

Identify

Effectively implement IAM remediation plans to mitigate IAM-related risks and remediate findings

All

Protect

Assure identity proofing and XXX

Protect

Implement and maintain role-based and other access control models consistent with the organizational structure and with due respect for the least-privilege principle and its specialized form, the need-to-know principle

All

Protect

Design, implement, operate, and continuously improve IAM controls to efficiently and effectively assure compliance with regulatory, contractual and industrial best practice requirements

Protect

Home office and remote access

All

Protect

Design, implement, and continuously improve privileged and technical access management processes and capabilities to effectively mitigate the risks of highly privileged access

PAM/TAM

Protect

Off-boarding and security

Protect

Mitigate fraud and accidents by deploying SoD and toxic rights controls

All

Protect

Deploy authentication mechanisms whose robustness is commensurate with risk

All

Protect

Clean the information system from anomalous identities, including orphaned accounts, and access permissions

All

Protect

Recertification

Protect

Remediate anomalous identities and accesses

Implement an efficient off-boarding process that effectively mitigates the risk of unauthorized access by employees who have left the organization

Workforce IAM

Protect

Define and implement a password and secrets management policy

All

Protect

  •  Add item: Federation with 3rd parties

3rd Party IAM

Protect

  •  Add item: Recertification

Workforce IAM

Protect

  •  Add item: Home office and remote access

Workforce IAM, 3rd Party IAM, PAM/TAM

Protect

  •  Add item: Identity proofing

All

Protect