
Revocations per Line Manager (Indicator - IAM)


Process

Line Manager Recertifications (Process - IAM)

Indicator

Revocations per Line Manager

Version

1.3 READY FOR PEER REVIEW

Formula

Given that:

  • is the set of all line managers in the organization

  • is the subset of line managers that have not completed their recertification

  • is the subset of line managers that have completed their recertification and revoked 0 access rights

  • is the access right revocation threshold above which revocations are considered abnormally high

  • is the subset of line managers that have completed their recertification and revoked between 1 and access rights inclusive

  • is the subset of line managers that have completed their recertification and revoked more than access rights

  • are exclusive subsets

  • is the set cardinality function

The indicator is composed of the following series:

No Recert

Recert 0

Recert Normal

Recert High

Parameters

We recommend to initially set and adapt it if necessary.

Benchmarking

This indicator is adequate for benchmarking given comparable recertification campaign scopes, campaign frequency and parameter value.

Rationale

The objective of this indicator is to measure the effectiveness of the LM Recertification process.

No Recert shows the ratio of line managers who failed to complete their recertification duty. This must be kept as low as possible.

Recert 0 shows the ratio of line managers who completed their recertification duty but revoked 0 access rights. Two distinct causes may explain this result: 1) access rights were optimal and did not require any change or 2) the line manager ticked the boxes without due care. Further inquiry may be required to distinguish between the two.

Recert Normal shows the ratio of line managers who completed their recertification duty and revoked a number of access rights that is within expectations.

Recert High shows the ratio of line managers who completed their recertification duty and revoked an abnormally high number of access rights. A one-time high may be caused by changes in the organization, but if the situation persists, it may reflect an inefficient setup where line managers must continuously adapt access rights. A root cause may be that RBAC is not implemented or is improperly implemented.
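
The four series described above can be computed from a per-manager campaign export as follows. This is an added example, not part of the original indicator definition: the record fields, the threshold value of 5 and the sample data are constructed, and the denominator (all line managers in scope) is an assumption based on the word "ratio" in the rationale.

```python
from dataclasses import dataclass

SERIES = ("No Recert", "Recert 0", "Recert Normal", "Recert High")

@dataclass(frozen=True)
class RecertRecord:
    manager_id: str   # hypothetical field names, not an IAM product schema
    completed: bool   # recertification finished before the campaign closed
    revoked: int = 0  # access rights revoked by this manager in the campaign

def classify(rec, threshold):
    """Return the single series a line manager belongs to."""
    if not rec.completed:
        return "No Recert"
    if rec.revoked == 0:
        return "Recert 0"
    # Revocations from 1 up to and including the threshold are within expectations.
    return "Recert Normal" if rec.revoked <= threshold else "Recert High"

def partition(records, threshold):
    """Split managers into the four exclusive subsets, one record per manager."""
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    subsets = {name: [] for name in SERIES}
    seen = set()
    for rec in records:
        if rec.manager_id in seen:
            raise ValueError(f"duplicate record for {rec.manager_id}")
        if rec.revoked < 0:
            raise ValueError(f"negative revocation count for {rec.manager_id}")
        seen.add(rec.manager_id)
        subsets[classify(rec, threshold)].append(rec.manager_id)
    return subsets

def indicator(records, threshold):
    """Ratio of each subset to all line managers (assumed denominator)."""
    subsets = partition(records, threshold)
    total = sum(len(ids) for ids in subsets.values())
    if total == 0:
        return {name: 0.0 for name in SERIES}  # empty campaign scope
    return {name: len(subsets[name]) / total for name in SERIES}

# Constructed sample campaign: eight line managers, threshold of 5 chosen for the demo.
SAMPLE = [
    RecertRecord("lm01", False), RecertRecord("lm02", False),
    RecertRecord("lm03", True, 0), RecertRecord("lm04", True, 0),
    RecertRecord("lm05", True, 0), RecertRecord("lm06", True, 2),
    RecertRecord("lm07", True, 5), RecertRecord("lm08", True, 14),
]

if __name__ == "__main__":
    for name, ratio in indicator(SAMPLE, threshold=5).items():
        print(f"{name:14s} {ratio:.1%}")
```

The `partition` output also gives the list of Recert 0 managers, which is the population to sample when inquiring whether the zero-revocation result reflects optimal access rights or box-ticking.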

Stakeholders

Scopes

This indicator may be specialized for different scopes depending on recertification campaigns. Typical scopes are:

  • Business applications

  • Sensitive business applications

Negative Effects

  • Measuring the number of revocations is only a proxy to assess the level of engagement of line managers. This indicator should be used with critical distance and complemented with other information sources to get a genuine picture of what’s going on. For instance, surveying line managers may provide rich feedback to improve the process efficiency and effectiveness.

Data Sources

  • IAM System

Typical Frequency

Same frequency as the recertification campaigns. Often quarterly, half-yearly or annually.

See Also
