Freely subscribe to our NEWSLETTER

1) Use modern risk management systems combined with access intelligence

Access intelligence solutions are based on BI technology and enable companies to ensure that all important information relating to compliance is captured and documented – for example, “Who currently has which permissions?” or “What permissions did this person have in the past?”. Access intelligence shows companies directly where problems may arise and should deliver detailed information to help them reduce risks. With an access intelligence solution based on BI technology, users can generate reports tailored to the company’s specific requirements. Powerful drill-down and drill-through functionality gives users immediate, fact-based answers to ad hoc questions.

2) Implement risk management in phases

Think big, start small! The solution’s business intelligence foundation gives users huge potential to undertake extensive analyses. This is why it is a good idea to implement a system using a step-by-step approach so that it can be deployed quickly and extended as needed. The technology itself is only implemented right at the end. Ideally, companies should start by focusing exclusively on the potential for risks and determine who will undertake the risk analysis. Experienced consultants should be available to support every project, and provide well-founded suggestions and recommendations for action. This method helps companies implement and deploy their risk management system quickly. The risk analysis process can be extended later as necessary.

3) Obtain fast and reliable risk management assessments – at all levels of the company

Intelligence-based risk management should benefit four main groups of people in the company. It should help auditors minimize the time needed to meet their audit requirements. It should also enable them to use drag and drop and viewing options to answer spur-of-the moment questions regarding access management in a flexible, fast and customizable manner. IT administrators and IT security staff should have drill-down and drill-through options to access comprehensive analyses and information in practically any format. This helps them assess the risk associated with the access authorizations they assign. Management should have dashboards available that provide them with weighted information and key risk indicators. This helps decision-makers to quickly and conveniently determine what follow-up activities are necessary and minimize risk. Dashboards also ensure that managers can measure and quantify access risk. Lastly, business users benefit from an easy-to-use and intuitive access risk management tool that provides ready-made reports and analysis options and can optionally deliver push information on a regular basis.

4) Use qualitative, content-related assessments

When companies implement a risk assessment system, they should ensure that the recipients of the information – such as top management, department heads and auditors – only receive the exact information that will be useful to them, instead of simplistic, quantitative risk assessments. The decisive factor here is the quality of the information delivered, rather than the quantity. Qualitative reports are based on key indicators that comprise large quantities of data that have been aggregated to form these qualitative reports. This enables users to immediately pinpoint the most important data and focus on high risk areas.

5) Identify high-risk users

It is not always possible to capture and assess risks in permissions management due to the amount of time the process takes. More than any others, the very risky permissions should be identified, assessed and dealt with using suitable measures. Companies should check special rights regularly to find out who the authorizations have been assigned to, which overarching group or role uses them, and which activities are carried out by the users with special permissions. Identifying users with high-risk privileges, permissions or authorizations helps companies to concentrate on monitoring these groups. It provides a fast and focused analysis that can be followed up with the appropriate actions. Ces cinq points permettent de cartographier aisément les risques d’accès et de mettre en œuvre un dispositif de contrôle de conformité efficace et performant.