Governance, Compliance & Risk

Articles

Martin Kuppinger: GRC and IT Security - where is the link? 18.02.2010 Martin Kuppinger
GRC became one of the really hot topics in business and IT, especially in larger organizations, over the course of the last few years. However, there is a lot of confusion about the terms associated with GRC. In many organizations, few people have a clear view of what GRC involves and requires, and few organizations have an organizational structure for GRC with clearly defined responsibilities. Of these organizations, many have limited their GRC initiatives either to some aspects like “business only”, “risk only” or “IT only”. Read the article
Martin Kuppinger: Why CIO should put GRC on the New Year’s resolution list 30.12.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is one of the best-known and least understood buzzwords in IT today. As is too often the case, a variety of stakeholders have seized on the expression and defined it any way they choose. Nevertheless, GRC belongs right up there on your list of New Year’s resolutions because it is (or should be) an essential part of overall IT strategy. Read the article
Martin Kuppinger: How to fight „GRC Anarchy“ 19.10.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) has become a leading issue not only for IT professionals, but for senior management as well. However, it isn’t always clear who’s in charge. Responsibility for GRC is set to become a major issue in the coming months. Read the article
Martin Kuppinger: GRC – a heavily segmented market 01.10.2009 Martin Kuppinger
GRC – Governance, Risk Management, Compliance. A typical buzzword, but well established right now. However, the problem of all emerging markets associated with a buzzword arises here as well: There are many different vendors with different types of offerings, all claiming to solve the GRC problem. But: The GRC problem has many facets and is (beyond “we have to manage risk, we have to be compliant”) largely undefined. We’ll publish a report these days on a GRC reference architecture followed by, probably in early November, a market segmentation report, placing vendors in one or more appropriate segments. Like every valid and successful emerging market, GRC will move from a large set of different solutions towards a market with some well defined segments of vendors. Read the article
Martin Kuppinger: Compliance as a risk? 02.04.2009 Martin Kuppinger
GRC (Governance, Risk Management, and Compliance) has become a core issue for any CIO over the course of the last few years. SOX brought popularity to IT compliance – and nowadays everyone seems to talk about GRC. But sometimes, the approaches chosen seem to increase risk instead of mitigating it. Read the article
Martin Kuppinger: The need for a holistic approach to IAM, GRC, DLP, PAM, and IRM 04.03.2009 Martin Kuppinger
IT is very well-known for first its ability to create three-letter acronyms and second the mix-up of different marketing terms, leading to overlapping and sometimes pretty unclear market segments. Besides, many vendors try to convince people that their (and only their) solution is sort of the holy grail for all problems. Read the article
Martin Kuppinger: Enterprise Role Management 16.12.2008 Martin Kuppinger
The Kuppinger Cole definition of generic GRC tools which support a consistent platform approach to GRC requirements, includes role management capabilities as one of the core functional areas. To efficiently implement GRC, organizations should consider an enterprise role management approach. Read the article
Felix Gaehtgens: ArisID is born – a next generation Identity Framework for Developers 15.12.2008 Felix Gaehtgens
The Liberty Alliance has announced the availability of ArisID and Project Aristotle. In a recent Webcast, Oracle’s Phil Hunt presented ArisID and demonstrated its usefulness to software developers. This innovation makes it easier to develop applications that are becoming increasingly less dependent on where identity information is stored, making applications easier to deploy in an identity management infrastructure. Read the article
Martin Kuppinger: The need for an integrated risk management 27.11.2008 Martin Kuppinger
During our GRC Forum 2008 which we’ve held in Frankfurt, one of the important discussions was around the way risk management should be implemented. There was broad agreement on the thesis that IT Risk Management and Enterprise Risk Management can’t be separated – at least not beyond the part which deals with strategic risks. Read the article
Martin Kuppinger: Governance, Risk Management, Compliance 20.10.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is presently a core topic for every mid-sized and large organization. The number of regulations is growing. Auditors are focusing on Corporate Governance and IT Governance, are asking for risk management and are looking at access controls and other specific IT aspects. Read the article
Martin Kuppinger: Trend Report IAM and GRC 2009-2019 29.09.2008 Martin Kuppinger
Investments in IAM and GRC have to solve current needs - but what about the future? With IAM and GRC building the cornerstones of a holistic security infrastructure, decisions within these areas are fundamentally influencing corporate IT and therefore should remain valid beyond a scope of some two or five years from now. For sure, things will change and technologies will evolve. But there are trends which can help in supporting decisions on IAM and GRC investments and reducing the risk of these decisions. Read the article
Martin Kuppinger: GRC – one needs it 12.08.2008 Martin Kuppinger
It is currently being discussed, especially in the USA, whether GRC (Governance, Risk Management, Compliance) or, to be exact, standardized solutions are more significant for GRC. It is interesting to note the blog contributions from Archie Reed, HP on this. I also commented on the same in one of my current blog contributions. Read the article
Mike Small's Keynote at EIC 2008 21.05.2008 Joerg Resch
If you put together 40 years of experience in the computer industry, an extra portion of extra-dry British humor and excellent thought leadership, you'll get the right mix to really understand whether Security, Privacy and Trust are a mission impossible. Thank you Mike Small (CA) for this great keynote. Read the article
Marne Gordan's Keynote at EIC 2008 21.05.2008 Joerg Resch
Marne's brilliant keynote on the 32 Billion $ (2008) GRC Market. Talking about some famous examples in the finance and health industries, she reminds us that it is all about human behavior when it comes down to the question of why GRC is so important. Read the article
GRC and Role Management 19.04.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization. Read the article
Identity Theft – state of affairs 28.09.2007 Martin Kuppinger
Identity Theft is anything but new, but still an exigent as well as unsolved problem. Only recently, Reto Hartinger, initiator of internet-briefing-ch, told me about a rather glaring case of Identity Theft, described and discussed in detail in his blog. Read the article
Role management - where is it heading? 15.07.2007 Martin Kuppinger
I am working on a comprehensive report on standard tools for Role Management and their vendors. This has long been an item on my to-do list, but only now has it gained top priority. The reason is of course that Role Management was a cutting-edge issue at KPC's European Identity Conference. Read the article
Trends in Provisioning 05.07.2007 Martin Kuppinger
What will be “the next big thing” of Identity Management? I think there will be two development steps both deserving to be described like this. Read the article
Identity Management and Business 05.07.2007 Martin Kuppinger
I always appreciate feedback on my newsletter articles – especially positive feedback, of course. Recently I was able to do so twice: The first positive feedback concerned my article about Roles Management in one of our latest newsletters, the second referred to the text on Data Quality some time before. In both cases, I would like to add some important thoughts to the discussion. Read the article
The future of role management 29.06.2007 Martin Kuppinger
In connection with Identity Federation, a discussion repeatedly circulating about Role Management is being renewed. A closer look at the discussion, however, reveals as a main focus the question how to best model roles – suggesting that no big change is in sight! Read the article
Governance automation 29.06.2007 Martin Kuppinger
Recently, the term Compliance Automation has become quite common. But – as often with new terms – a consistent comprehension of its meaning is still missing. In the following I would like to try a definition and a contextual placement. Read the article

Reports

Provisioning and Access Governance Trends 10.02.2010 Martin Kuppinger
Kuppinger Cole Webinar recording

How to Easily Provide the Detailed Insight into your Systems the Auditors (and you) Need 21.01.2010 Martin Kuppinger
Kuppinger Cole Webinar recording

How to Start: Recertification or Active Access Controls First? 09.12.2009 Martin Kuppinger
Kuppinger Cole Webinar recording

How to Efficiently Implement SoD Controls: Which Level Works? 09.12.2009 Martin Kuppinger
Kuppinger Cole Webinar recording

XACML: The Holy Grail of Access Governance? 09.12.2009 Martin Kuppinger
Kuppinger Cole Webinar Recording

5 Golden Rules for Efficiently Implementing Access Governance 08.12.2009 Martin Kuppinger
Kuppinger Cole Webinar Recording

Getting the Big Picture: How Access Governance fits into IT Governance and Risk Management 08.12.2009 Martin Kuppinger
Kuppinger Cole Webinar Recording

The Three Elements of Access Governance: Recertification/Attestation – Access Control – Privileged Access Management 08.12.2009 Martin Kuppinger
Kuppinger Cole Webinar Recording

Pass Your Next Compliance Audit With Confidence 19.11.2009 Martin Kuppinger
Kuppinger Cole Webinar Recording

The Role of Entitlement Management in Governance, Risk and Compliance Management 14.10.2009 Felix Gaehtgens
Kuppinger Cole Webinar recording

Overview Report: A GRC Reference Architecture 05.10.2009 Sachar Paulus €195.00
Governance, Risk & Compliance - these three terms, in short "GRC", are pretty widely used these days. Unfortunately, there is great confusion about how this term is used. The reason for this confusion is, with high probability, the fact that it makes it pretty easy to sell all kinds of technology under the umbrella of "Risk" and "Compliance" solutions. But there are very precise areas that GRC should cover, and others that it shouldn't: for example, "IT-GRC", the area of tools and methodologies to assure internal control within IT operations, should be part of it, but "Financial Risk" - a core activity of the financial department - shouldn't. This report aims to clarify the term GRC by defining a reference architecture, what exactly should be part of a GRC framework and how the different parts interact. It looks at GRC from a company-wide point of view, assembling all activities that have a certain internal control nature, yet...

Market Report: GRC 2009 02.05.2009 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. Kuppinger Cole observes a trend towards tools which integrate analysis, attestation, authorization management, risk management, Segregation of Duties controls, and role management functionalities to provide an overall GRC solution with focus on access controls and authorization which can be applied to all applications and all compliance regulations which are relevant to any organization in a first step. Beyond that we expect to see more complete GRC solutions which cover other aspects as well, like the management of security events and incidents or availability and business continuity, to fully support the requirements on IT Governance. Beyond that we also expect advancements in the integration of enterprise-driven approaches, mainly for risk management (Enterprise Risk Management, ERM) and IT-driven approaches, e.g. IT Risk Management (IRM). Today there are partial...

Vendor Report: IBM’s IAM and GRC offerings 27.03.2009 Martin Kuppinger €95.00
IBM is amongst the vendors which have entered the IAM market early. Right now, IBM can deliver in most areas of the IAM market, with only few missing elements in their overall portfolio. In the GRC market, the current focus of IBM is more towards SIEM-related GRC issues and log analysis, whilst IBM offers no specific platform for IAM-GRC. Anyhow, we expect IBM to be able to provide solutions through partnerships if required. Besides this, the approach chosen by IBM positions the company pretty well for the emerging trend towards GRC platforms which support any aspect of GRC requirements and which aren’t limited to the IAM-related parts of GRC (e.g. access/authorization analysis and management). Given that IBM has entered the market early, IBM can provide a relatively mature software portfolio for IAM, with some recent additions like their Enterprise Single Sign-On solution and some new integrations for example between Enterprise Single Sign-On and the Tivoli Federated...

Business Report: Key Risk/Performance Indicators IAM and GRC 09.02.2009 Martin Kuppinger €165.00
The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for a quick overview of the progress of organizations. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks. The report provides 25 selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined in a risk scorecard which can then be used continuously in IT management and corporate management. Kuppinger Cole strongly recommends using KRI concepts as a tool within IT and specifically IAM and GRC. Many KRIs are easy to use and provide quick results. Thus, risks can become a key control for IT, providing insight into risks and supporting decisions on IT investments.

Trend Report: Enterprise Role Management 16.01.2009 Martin Kuppinger €125.00
Enterprise Role Management describes an enterprise-wide approach for defining role models and roles for every type of system which requires roles, going beyond IAM and GRC requirements. Within that concept, there are typically three levels of roles, which we define as Business Roles, IT-functional Roles, and System-level Roles. These concepts are accepted and implemented by an increasing number of organizations. The report provides, beyond some numbers on the role management market, guidelines for implementing Enterprise Role Management successfully. The information in this report is based on a survey Kuppinger Cole ran in November/December 2008 amongst those responsible for role management in organizations of any size and on the current, ongoing research of Kuppinger Cole.

KCP Webinar Identity Management und GRC - Trends 2009-2019 10.10.2008 Martin Kuppinger
Trend Report IAM and GRC 2009-2019 24.09.2008 Martin Kuppinger €295.00


Market Report: GRC 2008 19.04.2008 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization.


Events

Congress: European Identity Conference 2010 04.05. - 07.05.2010 , Munich
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: CLOUD 2010 04.05. - 07.05.2010 , Munich
Kuppinger Cole are proud to announce the Cloud Computing Flagship Event for Europe: CLOUD 2010. Making Cloud Computing work for your enterprise, how to prepare for it and what the risks involved with a cloud strategy are - Join us in Munich for an exciting event beyond the hype. Information
Congress: GRC-Forum 2009 03.11. - 05.11.2009
Directly linking central business processes with enterprise-wide GRC management brings clear economic benefits and reduces risks. The GRC-Forum 2009 supports you in introducing and improving such GRC management and a matching strategy for your corporate IT. Information
Webinar: The Role of Entitlement Management in Governance, Risk and Compliance Management 13.10.2009 , 16:00 CEST
Modern IT infrastructures empower their users and thereby introduce new risks. The effectiveness and efficiency of control frameworks and GRC programs are therefore becoming an increasingly important focus area for IT and business managers alike. Yet, GRC initiatives tend to be reactive, striving to optimize monitoring, surveillance and auditing capabilities and the GRC overhead keeps growing. Instead we need risk-intelligence built into our IT-infrastructures. This is what Entitlement Management helps achieve. Entitlement Management provides real-time enforcement of policy-based access controls based on policy modeling implementing regulatory compliance and risk mitigation plans. This enables a shift from reactive surveillance to proactive enforcement which reduces the GRC overhead and improves control efficiency. This webinar is supported by Axiomatics. Information
Seminar: Governance, Risk and Compliance – More Than Just Rules 22.09.2009 , 9:00 - 14:00
Reliability is the most important characteristic of a good identity and security management solution. Writing down the management and security procedures is not enough on its own, however – you need the certainty that the chosen solution also lets you meet, implement and monitor all policies and regulations. The goal is “Making IT Work As One!” Information
Congress: Identity Management & GRC Conference Istanbul 24.06. - 26.06.2009 , Istanbul/Turkey
ID-Conf Istanbul is the place to meet with enterprise technologists, thought leaders and experts to learn about, discuss and shape the market in the most significant IT-Security related topics such as Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA). With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, ID-Conf Istanbul is an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: European Identity Conference 2009 05.05. - 08.05.2009 , Munich
With its world class list of 130+ speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: Who Was Root? 19.03.2009 , 14:00 - 14:45
Handling privileged user accounts such as "ROOT" carries high risks. In this webinar we introduce you to the fundamentals of Privileged Account Management (PAM) and give you valuable practical tips on how to protect your network effectively against internal and external threats. Information
Webinar: Fraud Prevention and Multi-factor Authentication 11.03.2009 , 17:00 - 17:45
In this webinar, Kuppinger Cole's founder and principal analyst will give you an overview on the market for risk- and context-based, multi-factor authentication and authorization solutions for fraud detection, followed by Stefan Dodel, middleware solutions specialist at Oracle, who will talk about his experiences from numerous projects. Information
Webinar: Business Roles, Business Rules, Claims – What is it all about? (CANCELLED) 26.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss the questions and outline the future trends for business roles, business rules, and claims. Information
Webinar: Risk Management Trends 19.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss risk management trends as well as the evolution of the market for risk management tools. Information
Webinar: Reducing Compliance Costs through Risk-Based Segregation of Duties Management 12.02.2009 , 17:00 CET, 4pm UTC
In this Webinar, Kuppinger Cole's Principal Analyst Martin Kuppinger will highlight the challenges of risk based segregation of duties management, and will discuss technology solutions for continuous monitoring that deliver affordable and effective compliance. Information
Seminar: Enterprise Identity Management Best Practices 26.11. - 27.11.2008 , Munich
In a young discipline such as Identity Management, it is especially important to keep up to date with current developments on a regular basis and to exchange experiences with project leads from other companies. This 2-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Conference: Governance, Risk Management & Compliance (GRC) Forum 2008 18.11. - 19.11.2008 , Frankfurt am Main
The more complex the IT infrastructure, the more vulnerable it is and the higher the effort (and cost) of compliance. For the successful introduction of an enterprise-wide GRC platform it is therefore crucial, on the one hand, to design its foundation, in the form of a future-oriented Identity Management strategy, to deliver meaningful information and, on the other hand, to practise the art of limiting oneself to the essentials through a risk-oriented compliance approach. The Kuppinger Cole Governance, Risk Management & Compliance (GRC) annual event 2008 focuses on strategies and procedures, technologies and tools that enable your executive management to make decisions relevant to competitiveness and cost with knowledge of all essential information and risks - without your compliance costs getting out of hand. Information
Webinar: Trend Study Role Management 13.11.2008 , 13:30 - 14:30
The motivations for introducing enterprise-wide role management vary widely. While many companies are initially concerned with reducing complexity, in other companies compliance aspects take centre stage. The approach to the topic of roles, and often the result as well, varies accordingly. Kuppinger Cole is therefore currently conducting a survey among user organizations, the results of which will be presented in this webinar. Information
Webinar: Integration - the Future of Risk Management 06.11.2008 , 15:00 - 16:00
Various rogue trading incidents and the financial market crisis have once again made it clear: traditional risk management does not seem suited to protecting companies from self-destructive behaviour. On the one hand, in day-to-day operations it was apparently often believed that the principles of internal risk management could be thrown overboard in favour of external ratings. On the other hand, a holistic approach was (and is) missing that uncovers the risks not only of value-adding but also of non-value-adding processes and makes them accessible to decision-making. How can enterprise-wide integrated risk management be implemented? We offer you the following webinar on this question: Information
Webinar: Enterprise Role Management - the 5 Most Important Rules 31.10.2008 , 14:00 - 15:00
Assigning entitlements on the basis of business roles is an essential component of Identity Management and an important foundation for a GRC strategy. Is that so? Can it be done without? The fact is that a great many projects in which role management plays an important or the leading part either overrun their budget and schedule or even fail. In this webinar we talk about the 5 most important rules for successful Enterprise Role Management. Information
Webinar: GRC Business Values 24.10.2008 , 13:00 - 14:00
This webinar introduces you to the concept of a GRC platform and gives you an overview of the most important criteria for introducing such a platform. Information
Workshop: SOA Governance Best Practices 13.10.2008 , 09:00 - 17:00 , Stuttgart
SOA Governance is an essential prerequisite for the sustainability of an investment in a service-oriented architecture and for meeting the expectations associated with its introduction, such as greater business agility. This workshop gives you the opportunity to work out, together with Martin Kuppinger in a small group, a best-practices-based strategy for getting started with SOA Governance. Information
Webinar: Kuppinger Cole Trend Report IAM and GRC 2009-2019 02.10.2008 , 15:00 - 16:00
During this webinar, Martin Kuppinger will present the key results of the Kuppinger Cole Trend Report IAM and GRC 2009-2019. Information
Conference: Identity Management Praxisforum 28.01. - 29.01.2008 , Frankfurt/Main
In a young discipline such as Identity Management, it is especially important to keep up to date with current developments on a regular basis and to exchange experiences with project leads from other companies. We therefore organize the Identity Management Praxisforum together with Management Forum Starnberg. This 2-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Seminar: Compliance needs Enterprise Role Management (ERM) 22.11.2007 , 09:00 - 17:00 , Munich
This workshop deals with the development of enterprise-wide role management and the evaluation of role management products. Learn how IT roles are aligned with process responsibilities and discuss the possibilities and challenges of the different approaches. Ample room is given to the discussion of experiences, results and “Lessons Learned” from companies that have already carried out enterprise-wide role definitions. Information
Seminar: Governance, Risk, Compliance (GRC) & Identity Management 14.11.2007 , 09:00 - 17:00 , Munich
Enterprise-wide risk management, the sustainable steering of the company through codes and policies (“Governance”) and the systematic pursuit of adherence to external and internal rule sets (“Compliance”) are fundamentally changing the requirements that executive management places on IT infrastructure and applications. This seminar shows you the background to these changed requirements, how they affect IT and what central role Identity Management plays in this. Information
Webinar: The Right Single Sign-On Strategy for More Security and IT Compliance 26.10.2007 , 11:00 - 12:00
The introduction of single sign-on systems is increasingly influenced by compliance requirements. Does an SSO system bring additional risks, or can it even simplify a compliance strategy? In this webinar you will get to know the different SSO approaches within the enterprise, across enterprise boundaries and on the Web, and their influence on your compliance strategy. Information

EIC 2009 Sessions

Re-Assessing IAM-Strategy in Turbulent Times - Cost Optimisation Approaches for IAM Initiatives 06.05.2009 10:30-11:30 John Hermans, KPMG
Maximizing the Value of Identity Management 06.05.2009 15:00-16:00 Kari-Pekka Lifländer, Nokia
The presentation first suggests using identity transactions as the basis for an identity management value model. Identity transactions are defined as the sum of rights requests + the sum of amounts of rights delivered. Additionally, each transaction is given a euro value, which results in the tangible value delivered by IDM. The presentation next discusses the relevant parts of the role-based access management model implementation that bring the most value according to the IDM value model. Elements discussed include, for example, different kinds of approval flows, inherited membership approvals, privilege inheritance, delegated management of privilege and role structures, traceability of current permissions/permissions under approval or delivery/historical permissions, inheritance of the membership constraints in the role hierarchy, and the possibility to reconcile memberships with the target systems in case manual provisioning is used. View details

Past Conference Sessions

Governance, Risk, Compliance (GRC) & Identity Management (Session I) 25.04.2008 09:00-10:30 Dr. Horst Walther, Kuppinger Cole
Active Directory Disaster Recovery Workshop (Session I) 25.04.2008 09:00-10:30 Gil Kirkpatrick, NetPro
In this workshop, leading directory services and identity management expert, Gil Kirkpatrick, will educate the audience on how to manage entitlements using Microsoft’s Identity Lifecycle Manager (ILM) II. Kirkpatrick will highlight the new functionality in ILM II including user and resource modeling, workflow, and provisioning. Further, he will cover resource discovery and classification, provide guidance around how to define access policies, and discuss the importance of proactive infrastructure management to ensure the environment’s long-term stability and continuity. View details
How Basel II and Euro-SOX affect Enterprise IT – of Finance Institutions and other Companies 25.04.2008 09:00-10:30 Martin Kuppinger, Kuppinger Cole
Basel II and Euro SOX (the 8th EU auditing guideline) are amongst the most relevant compliance guidelines in Europe. The open question for most companies is how these guidelines might affect their business – and their IT. The workshop will provide an overview of these regulations and their impact on IT, the need for IT-based risk management and specific IT and Identity risk management. This will be discussed for the IT of finance institutions as well as for all the other companies, because Euro-SOX is relevant to all and Basel II, even while being a banking standard, affects the risk evaluation of corporations. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session II) 25.04.2008 11:00-12:30 Dr. Horst Walther, Kuppinger Cole
Active Directory Disaster Recovery Workshop (Session II) 25.04.2008 11:00-12:30 Gil Kirkpatrick, NetPro
Identity Risk Metrics 25.04.2008 14:00-15:30 Martin Kuppinger, Kuppinger Cole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the Metrics can be obtained and how they can be used for business value argumentations, business impact analysis, as key performance indicators and in other ways. View details
The Role of Roles in Compliance – A Practical Approach 25.04.2008 14:00-15:30 Dr. Horst Walther, Kuppinger Cole Dr. Ron Rymon, CA Inc. Dr. Martin Kuhlmann, Omada Kevin Cunningham, SailPoint Darran Rolls, SailPoint Peter Weierich, Voelcker Informatik Melvis Hadzic, Oracle
Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. But due to complexity and marketplace confusion, many companies struggle to find an approach that delivers practical and timely results. This workshop is designed to help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative. SailPoint’s Chief Technology Officer, Darran Rolls, will provide an in-depth look at role management concepts and technologies. He will also offer recommendations that can help organizations achieve practical benefits with roles. Points of discussion include: Introduction: What is role management? Business drivers and use cases for role management Where do roles fit in the world of compliance? How do compliance roles relate to provisioning roles? How...
Identity Risk Metrics 25.04.2008 16:00-17:30 Martin Kuppinger, Kuppinger Cole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the metrics can be obtained and how they can be used for business value arguments, business impact analysis, as key performance indicators and in other ways.
Medium Sized Companies 24.04.2008 10:30-11:30 Jörg Mauz, Ansmann AG
While the first wave of Identity Management implementations has taken place mostly in large enterprises, and discussions on the ROI potential delivered by these projects sometimes seem to be pretty controversial, the number of medium-sized companies investing in Identity Management is now rising sharply. Jörg Mauz, who is CIO at Ansmann AG, a company with 300 employees, will show in this presentation how he managed to make a successful move into a lean and feasible Identity Management infrastructure.
An Interview with Edge Zarrella 24.04.2008 10:30-11:30 Martin Kuppinger, Kuppinger Cole Egidio (Edge) Zarrella, KPMG
Executing Identity and Access Management in an International Bank and Insurance Company 24.04.2008 11:30-12:30 Dionysius Antonius Kotteman, ING Group
The presentation will cover ING's major project to define and roll out identity management. It will list some experiences, good and bad, including Role Based Access. Added are the latest developments in ING with regard to building a Security Operations Centre; an opportunity to make a step in reducing risks in access security.
Business Roles - Methods and Tools 24.04.2008 14:00-15:00 John Hermans, KPMG
IdM, SOA & IT-Governance 24.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole
Over the last years, Compliance has often been cited as the most important driver for Identity Management. But, honestly, it is IT Governance as one of the most important parts of Corporate Governance. Within IT Governance (and within identity and access management), the scope shouldn’t be limited to either Enterprise Systems and core business processes or to the Identity Management level. Companies need a consistent approach for IT Governance which focuses on risks as well as compliance and which integrates SOAs, IAM and BPM (and maybe BSM) to really fulfill the requirements. Martin Kuppinger will provide his thoughts on this topic within this session.
The Multi Year Journey of Implementing IAM within Deutsche Bank 24.04.2008 15:00-16:00 Berthold Kerl, Deutsche Bank AG
Starting with the complexity of Deutsche Bank's organisation, the presentation will explain how Deutsche Bank meets its regulatory requirements and synchronises with its control and efficiency related targets in the Identity and Access Management field. Best practice examples of IAM solutions will be covered, such as db Legi, which is one of the largest role based access management systems in the financial services industry. Another example is the project Gatekeeper, which accomplished the recertification of over 150.000 accounts in 300 SOx relevant applications in record time. Gatekeeper involved more than 10.000 people across Deutsche Bank. As the destination of the journey, the blueprint of the future state IAM governance landscape of Deutsche Bank will be outlined.
Provisioning, Entitlements 24.04.2008 15:00-16:00 David Hannaford, E.ON UK
Identity management isn’t just about security and cost; it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system.
Managing GRC - Introduction 23.04.2008 10:30-11:30 Jörg Asma, KPMG
Identity Risk Management 23.04.2008 11:30-12:30 Marko Vogel, KPMG
Most companies have already set up or even implemented projects concerning Identity Management. But what is the status of Identity Management when looked at from a holistic perspective? Many companies are concerned with the level they have reached, where they have potential for improvement and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of the organisation's Identity Management based on the KPMG reference model. The presentation clarifies that an organisation needs a lot more than a tool to achieve a mature Identity Management. It is shown how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they will be assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results...
Kuppinger Cole GRC Solutions Market Report 2008 23.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole
In the GRC Solutions Market Segment Report 2008, KCP provides, for the first time ever, a structured view of the GRC market and the vendors within it, clustering the different approaches to give a practical guideline for selecting solutions in this evolving, multi-faceted market. KCP will also predict future developments in this market.
SAP Authorization Provisioning at E.ON 23.04.2008 15:00-16:00 Sven Wahler, E.ON IS
Due to the increased complexity of regulatory requirements such as IDW, GoBS, HGB, SOX and ISO, monitoring of critical authorizations within SAP has to be automated. Sven Wahler will show in his best practices presentation how E.ON went through the process of implementing such a GRC tool.
Compliance as a Risk 23.04.2008 16:30-17:30 Oliver Eckel, bwin

© 2010 Kuppinger Cole Ltd.