The Sarbanes-Oxley Compliance Journal published my piece on a maturity mdoel for identity management. You can read the full article here.
Achieving Compliance Through Identity Maturity
2006-10-27 12:00:00.0 CDTWhere do you want to be and how do you get there?
By Anshu Sharma
Security and identity management have become an important issue on the radar of CFO’s and CIO’s as wave after wave of regulations in the areas of financial controls, privacy protection, and identity theft prevention are adopted in various countries. US companies will spend upwards of $15 billion on technology products and professional services this year alone in order to adhere to new compliance regulations, according to AMR Research, Boston.
The initial response by organizations to these regulations has been to adopt a piecemeal approach but a duct-tape approach to fixing every possible identity and security loophole results in high expenditure without a sense of how close the business is getting to its end goal. The end goal is to be a secure, well-managed organization with optimized processes for employee on-boarding and off-boarding, and efficient controls that prevent fraud and detect problems in a timely manner. The path to this goal traverses through various levels of maturity.
Nishan Kaushik who is an identity management guru and architect for the Oracle Identity Management products has written some excellent pieces on provisioning and role management at Talking Identity Blog.