By Naresh Persaud on Sep 11, 2013
Risk = Hazard + Outrage. This was Peter Sandman's simple formula for executives to evaluate the risk of, and the response to, a potentially brand-damaging event. The formula applies to user access as well. If a trusted administrator gets access to the latest product specs and discloses the information to the public without consent, the hazard is financially high and the shareholder outrage is perhaps equally high. The net of the two is directly equivalent to the risk of the event happening.
So when we consider who should have access to what, different users represent different levels of risk. A single administrator with root access may create a higher risk than the intern working in the mail room. The risk is directly related to the system and the data to which these individuals have access. Governing the data is directly related to how we govern user access.
If these topics interest you, you will want to catch Jim Taylor and Neil Gandhi at Open World in session "CON8810: Who Should have Access to What -- Better risk management with Identity Governance".