Technology & Product Review for Identity Governance & AdministrationCase Scenario:
North-by-East Software is a small but growing software development company. A recently completed risk assessment found that the company had very weak controls over the issuance and management of user ID's and privileged accounts. The risk assessment recommended that the company implement two key controls to mitigate insider threats: least privilege and separation of duties. The risk assessment also highlighted the potential financial losses which could occur due to theft or disclosure of the company's strategic plans and intellectual property. The company's Chief Information Officer has recommended that an Identity Governance and Administration (IGA) product be purchased to help implement the required security controls.
As a member of the CIO's team, you have been tasked to research, review, and recommend an IGA product which, at a minimum, will meet the company's primary needs (controlling access, implementing least privilege, and ensuring separation of duties). Your product review and evaluation should include additional relevant features and characteristics which could help the company address and manage risks associated with insider threats.
Research:
- Review the Week 5 readings
- Choose an Identity Management or Identity Governance & Administration product which was mentioned in the readings. Research your chosen product using the vendor's website and product information brochures.
- Find three or more additional sources which provide reviews for (a) your chosen product or (b) general information about the characteristics of Identity Governance & Administration. Products.
Write:
Write a 3 page summary of your research. At a minimum, your summary must include the following:
An introduction or overview for the security technology category (Identity Governance & Administration).
A review of the features, capabilities, and deficiencies for your selected vendor and product.
Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.
As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. 5 Pillars IA, 5 Pillars Information Security, "governance," etc.).