OM-IND-0011

Revocation Automation (Process - IAM)

Revocation Automation Level

1.0 Ready for peer review

Where:

• 

• 

• is the set of IT systems in the scope

• is the set of IT systems for which revocation is automated

• is the set of IT systems for which revocation is not automated

• is the set cardinality function

This indicator is improper for benchmarking because it uses absolute numbers. Use OM-IND-0010: Revocation Automation Ratio (Indicator - IAM) instead.

The level of revocation automation shows the absolute number of IT systems for which revocation is automated and for which it is unautomated. Assuming that automation accelerates and makes revocation more reliable, it is expected that an increase in automation or a decrease in unautomation leads to higher productivity, strengthened security and reduced risks. Showing absolute values, this indicator also reflects newly setup and decommissioned IT systems.

• IAM Manager

• CISO

• IT Risk Managers

This indicator may be specialized for different scopes. See Revocation Automation (Process - IAM) for typical scopes.

• In certain circumstances, the economical benefits of automation may be unjustifiable (e.g.: when processing low volumes of IAM artifacts on non-sensitive IT systems). Pursuing this indicator blindly could lead to economical waste.

• Poorly implemented automation may lead to new risks, e.g. silent automation errors leading to a false sense of security, automation mechanisms that are vulnerable to compromission or lead to denial of service.

• IT System inventory

• CMDB

• IAM software platform

Monthly

• Revocation Automation (Process - IAM)

• OM-IND-0010: Revocation Automation Ratio (Indicator - IAM)