Revocation Automation Ratio (Indicator - IAM)

Revocation Automation (Process - IAM)

Revocation Automation Ratio

1.0 READY FOR PEER REVIEW

Where:

• 

• is the set of IT systems in the scope

• is the set of IT systems for which revocation is automated

• is the set cardinality function

This indicator is improper for benchmarking unless scopes are comparable. Thus, reporting of this indicator must always be accompanied with its scope definition.

The ratio of revocation automation shows the extent to which revocation has been automated. Assuming that automation accelerates and makes revocation more reliable, it is expected that a high revocation automation ratio leads to higher productivity, strengthened security and reduced risks.

• IAM Manager

• CISO

• IT Risk Managers

This indicator may be specialized for different scopes. See Revocation Automation (Process - IAM) for typical scopes.

• In certain circumstances, the economical benefits of automation may be unjustifiable (e.g.: when processing low volumes of IAM artifacts on non-sensitive IT systems). Pursuing this indicator blindly could lead to economical waste.

• Poorly implemented automation may lead to new risks, e.g. silent automation errors leading to a false sense of security, automation mechanisms that are vulnerable to compromission or lead to denial of service.

• Blind spot: the ratio version of the indicator hides newly setup and decommissioned IT systems.

• IT System inventory

• CMDB

• IAM software platform

• Revocation Automation (Process - IAM)

• Revocation Automation Level (Indicator - IAM)