Revocation Automation Ratio (Indicator - IAM)

Process	Revocation Automation (Process - IAM)
Indicator	Revocation Automation Ratio
Version	1.0 READY FOR PEER REVIEW
Formula	Where: is the set of IT systems in the scope is the set of IT systems for which revocation is automated is the set cardinality function
Benchmarking	This indicator is improper for benchmarking unless scopes are comparable. Thus, reporting of this indicator must always be accompanied with its scope definition.
Rationale	The ratio of revocation automation shows the extent to which revocation has been automated. Assuming that automation accelerates and makes revocation more reliable, it is expected that a high revocation automation ratio leads to higher productivity, strengthened security and reduced risks.
Stakeholders	IAM Manager CISO IT Risk Managers
Scopes	This indicator may be specialized for different scopes. See Revocation Automation (Process - IAM) for typical scopes.
Negative Effects	In certain circumstances, the economical benefits of automation may be unjustifiable (e.g.: when processing low volumes of IAM artifacts on non-sensitive IT systems). Pursuing this indicator blindly could lead to economical waste. Poorly implemented automation may lead to new risks, e.g. silent automation errors leading to a false sense of security, automation mechanisms that are vulnerable to compromission or lead to denial of service.
Data Sources	IT System inventory CMDB IAM software platform