Data and access governance is wide-reaching but too often I see companies giving their governance efforts to narrow of a scope, which results in new gaps and risk findings showing up in audits and assessments as regulators and auditors make successive passes. Many organizations feel like auditors just make up new requirements each time they come through. I think the reality is more a product of 3 dynamics:
- IT Management tends to define requirements and scope reactive to auditor risk findings.
- Auditors have limited hours for each audit and can only look at so much. When they do repeat audits they can quickly recover the ground covered last time – leaving time to look deeper/wider this time around.
- Auditors tend to get training each year for new areas/technologies of your network to look at.
In this webinar we are going to take a look at Data and Access Governance from the top level and attempt to identity all the bases you need to cover and several different dimensions, including:
- Technology components
- End-user access
- Privileged access
- External user access
- Identity management
- Audit trails
- Security of data at rest and in motion
- Configuration control
This webinar isn’t intended to be a complete guide for a Corporate Information Security department because there are still plenty of infosec areas outside the scope or at least peripheral to Governance like anti-malware, APTs and intrusion prevention systems.
Depending on the maturity and resources of your organization you may not be able to cover all of these areas of governance immediately but it’s critical to know all the skeletons in the closet, all your risks and all the bases that need to be covered before you start prioritizing and making strategic decisions. It’s a shame to spend several years of resources on one problem that auditors bring up this year just to find out that they bring you “new” and bigger risks next year to be addressed.
Please join me for this “big-picture” level real-training-for-free event™. It’s sponsored by Dell Software and Jason Remillard will briefly map Dell’s large fleet of IAM solutions to all the different areas of Governance that they cover.
Please register now!