Identity Risk Management23.04.2008 11:30-12:30 Moderator:
How to assess the maturity of Identity Management
Most of the companies have already set up or even implemented projects concerning Identity Management. But how is the status of Identity Management if looked at from a holistic perspective?
Many companies are concerned with the level they have reached, where they have improvement potentials and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of the organisation's Identity Management based on the KPMG reference model. The presentation clarifies that an organisation needs a lot more that a tool to receive a mature Identity Management. It is shown how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they will be assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results of this position-fixing can be used for further adjustment.
Identity Risk Metrics
Identity Risk Metrics are a means of measuring the state of Identity Management in organizations. But done right, they can be much more than just a hint for risks. They can be enhanced to provide a specific set of business impact analysis, especially if they are seen as general Identity Metrics – which are relevant for risk but consist of more. Thus, these metrics can as well provide to a business value argumentation and support RoI calculations. In the session, Michael Kranawetter and Martin Kuppinger will discuss the potential within Identity Risk Metrics for businesses.