Define a tactical strategy for the remediation of the access

Reference no: EM133512247

CASE STUDY

A global organization struggles to effectively implement tools and technologies to support identity and access management, with a particular emphasis on the access certification process, to periodically validate user access appropriateness. Continued issues arise throughout the organization's remediation efforts, highlighting key lessons learned that can be extrapolated in the areas of communication, planning, roles and responsibilities, technology selection and implementation, among others.

XYZ Finance Corporation, a leading financial services company, had encountered significant issues with its access management program due to a lack of compliance with internal and external reporting requirements. Compliance pressure built after external auditors issued a management letter identifying significant deficiencies related to the effectiveness of the global access certifications conducted. These issues were experienced internally as the institution continued to struggle with the implementation of the supporting access certification tool, where performance-related issues had arisen, hindering the ability to effectively leverage key functionality required by the business.

Background and Issues

Two years prior to being issued the management deficiency letter, the organization had purchased a certification tool from a leading vendor in the marketplace (let's call this tool "Enterprise Access Governance (EAG)" for the purposes of this case study). The EAG certification tool and the associated access review and certification process had become critical to the organization from both a compliance and a risk reduction perspective. The access review process served as the key control to periodically evaluate the appropriateness of access over time within the organization. Given the inherent risks associated with transactional systems and compliance mandates, these controls were heavily relied upon as a means to restrict inappropriate access. The scope of the reviews included both global Sarbanes-Oxley (SOX) systems and those deemed high risk by the business. After the EAG tool was implemented, performance limitations were quickly discovered, forcing the review process to be initiated once a year, when the business could certify the appropriateness of access decisions and invoke access changes if needed. While an annual review provided some level of risk reduction, higher risk areas of the business would have benefited from recertifying their systems more frequently. Due to significant performance issues with the tool's overall availability and responsiveness, the review process proved to be very inefficient, costing the organization valuable resource time.

Due to the organization's significant reliance on the access review process to manage access risk and meet compliance objectives, it was deemed imperative that remediation efforts begin quickly to address the issues raised.

Question: The organization developed a response plan with the following main objectives:

  • Define a tactical strategy for the remediation of the access certification control deficiencies as documented in the audit management letter.
  • Define the revised business and functional requirements for the access certification process using a risk-based approach and leveraging the lessons learned from the prior execution of the control.
  • Deploy the updated enhancements required by the business to the existing EAG tool, or replace the existing tool with an alternate technology that would fully support the business requirements for the recertification control.

 
