Process | Revocation Automation (Process - IAM) |
|---|
Indicator | Revocation Automation Ratio |
|---|
Version | 1.0 | Status |
|---|
| colour | Blue |
|---|
| title | Ready for peer review |
|---|
|
|
|---|
Formula | Where: is the set of IT systems in the scope is the set of IT systems for which revocation is automated is the set cardinality function
|
|---|
Benchmarking | This indicator is improper for benchmarking unless scopes are comparable. Thus, reporting of this indicator must always be accompanied with its scope definition. |
|---|
Rationale | The ratio of revocation automation shows the extent to which revocation has been automated. Assuming that automation accelerates and makes revocation more reliable, it is expected that a high revocation automation ratio leads to higher productivity, strengthened security and reduced risks. |
|---|
Stakeholders | IAM Manager CISO IT Risk Managers
|
|---|
Scopes | This indicator may be specialized for different scopes. See Revocation Automation (Process - IAM) for typical scopes. |
|---|
Negative Effects | In certain circumstances, the economical benefits of automation may be unjustifiable (e.g.: when processing low volumes of IAM artifacts on non-sensitive IT systems). Pursuing this indicator blindly could lead to economical waste. Poorly implemented automation may lead to new risks, e.g. silent automation errors leading to a false sense of security, automation mechanisms that are vulnerable to compromission or lead to denial of service. Blind spot: the ratio version of the indicator hides newly setup and decommissioned IT systems.
|
|---|
Data Sources | IT System inventory CMDB IAM software platform
|
|---|
See Also | |
|---|