OM-IND-0010: Revocation Automation Ratio (Indicator - IAM)

Owned by David Doret
Last updated: 15-11-2020
1 min read

ID

OM-IND-0010

Process

Indicator

Revocation Automation Ratio

Version

1.1 Ready for peer review

Formula

Where:

  • is the set of IT systems in the scope

  • is the set of IT systems for which revocation is automated

  • is the set cardinality function

Benchmarking

This indicator is improper for benchmarking unless scopes are comparable. Thus, reporting of this indicator must always be accompanied with its scope definition.

Rationale

The ratio of revocation automation shows the extent to which revocation has been automated. Assuming that automation accelerates and makes revocation more reliable, it is expected that a high revocation automation ratio leads to higher productivity, strengthened security and reduced risks.

Guidelines

IT Ass

Stakeholders

  • IAM Manager

  • CISO

  • IT Risk Managers

Scopes

This indicator may be specialized for different scopes. See for typical scopes.

Negative Effects

  • In certain circumstances, the economical benefits of automation may be unjustifiable (e.g.: when processing low volumes of IAM artifacts on non-sensitive IT systems). Pursuing this indicator blindly could lead to economical waste.

  • Poorly implemented automation may lead to new risks, e.g. silent automation errors leading to a false sense of security, automation mechanisms that are vulnerable to compromission or lead to denial of service.

  • Blind spot: the ratio version of the indicator hides newly setup and decommissioned IT systems.

Data Sources

  • IT System inventory

  • CMDB

  • IAM software platform

See Also

Sample Visual Representation

 

 

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.