Governance, Compliance & Risk

Articles

MARTIN KUPPINGER: GRC – one needs it 12.08.2008 Martin Kuppinger
It is presently discussed, especially in the USA, whether GRC (Governance, Risk Management, Compliance) or to be exact, standardized solutions are more significant for GRC. It is interesting to note the blog-contributions from Archie Reed, HP on this. I also commented on the same in one of my current blog-contributions. Read the article
Mike Small’s Keynote at EIC 2008 21.05.2008 Joerg Resch
If you put together 40 years of experience in the computer industry, an extra portion of extra-dry British humor and excellent thought leadership, you’ll get the right mix to really understand whether Security, Privacy and Trust are a mission impossible. Thank you Mike Small (CA) for this great keynote. Read the article
Marne Gordan’s Keynote at EIC 2008 21.05.2008 Joerg Resch
Marne’s brilliant keynote on the 32 Billion $ (2008) GRC Market. Talking about some famous examples in finance and health industries, she reminds us that it is all about human behavior when it gets down to the question why GRC is so important. Read the article
GRC and Role Management 19.04.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization. Read the article
Identity Theft – state of affairs 28.09.2007 Martin Kuppinger
Identity Theft is anything but new, but still an exigent as well as unsolved problem. Only recently, Reto Hartinger, initiator of internet-briefing-ch, told me about a rather glaring case of Identity Theft, described and discussed in detail in his blog. Read the article
Role management - where is it heading? 15.07.2007 Martin Kuppinger
I am working on a comprehensive report on standard tools for Role Management and their vendors. This has long been an item on my to-do list, but only now has it gained top priority. The reason is of course that Role Management was a cutting-edge issue at KCP’s European Identity Conference. Read the article
Trends in Provisioning 05.07.2007 Martin Kuppinger
What will be “the next big thing” of Identity Management? I think there will be two development steps both deserving to be described like this. Read the article
Identity Management and Business 05.07.2007 Martin Kuppinger
I always appreciate feedback on my newsletter articles – especially positive feedback, of course. Recently I was able to do so twice: The first positive feedback concerned my article about Roles Management in one of our latest newsletters, the second referred to the text on Data Quality some time before. In both cases, I would like to add some important thoughts to the discussion. Read the article
The future of role management 29.06.2007 Martin Kuppinger
In connection with Identity Federation, a discussion repeatedly circulating about Role Management is being renewed. A closer look at the discussion, however, reveals as a main focus the question how to best model roles – suggesting that no big change is in sight! Read the article
Governance automation 29.06.2007 Martin Kuppinger
Recently, the term Compliance Automation has become quite common. But – as often with new terms – a consistent comprehension of its meaning is still missing. In the following I would like to try a definition and a contextual placement. Read the article

Reports

Market Report: GRC 2008 19.04.2008 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization.

Order the report

Events

Webinar: The Right Single Sign-on Strategy for More Security and IT Compliance 26.10.2007 , 11:00 - 12:00
The introduction of single sign-on systems is increasingly influenced by compliance requirements. Does an SSO system bring additional risks, or can it even simplify a compliance strategy? In this webinar you will learn about the different SSO approaches within the enterprise, across enterprise boundaries and on the web, and their influence on your compliance strategy. Information
Seminar: Governance, Risk, Compliance (GRC) & Identity Management 14.11.2007 , 09:00 - 17:00 , München
Enterprise-wide risk management, the sustainable steering of the company through codes and guidelines (“governance”) and the systematic pursuit of adherence to external and internal rule sets (“compliance”) are fundamentally changing the requirements that corporate management places on IT infrastructure and applications. This seminar shows you the background to these changed requirements, how they affect IT and what central role identity management plays in this. Information
Seminar: Compliance needs Enterprise Role Management (ERM) 22.11.2007 , 09:00 - 17:00 , München
This workshop deals with the development of enterprise-wide role management and the evaluation of role management products. Learn how IT roles are aligned with process responsibilities and discuss the possibilities and challenges of the different approaches. Ample room is given to the discussion of experiences, results and “lessons learned” from companies that have already carried out enterprise-wide role definitions. Information
Conference: Identity Management Praxisforum 28.01. - 29.01.2008 , Frankfurt/Main
In a young discipline such as identity management, it is particularly important to keep up regularly with current developments and to exchange views with project leads from other companies. That is why we organize the Identity Management Praxisforum together with Management Forum Starnberg. This two-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Workshop: SOA Governance Best Practices 13.10.2008 , 09:00 - 17:00 , Stuttgart
SOA governance is an essential prerequisite for the sustainability of an investment in a service-oriented architecture and for meeting the expectations associated with its introduction, such as greater business agility. This workshop offers you the opportunity to work with Martin Kuppinger in a small group to develop a best-practice-based strategy for getting started with SOA governance. Information
Conference: Governance, Risk Management & Compliance (GRC) Forum 2008 18.11. - 19.11.2008 , Frankfurt am Main
The Kuppinger Cole Governance, Risk Management & Compliance (GRC) annual event 2008 focuses on strategies and procedures, technologies and tools for improving your GRC approaches, with integration and automation in the SAP environment at its center. Information
Congress: European Identity Conference 2009 05.05. - 08.05.2009 , Munich
With more than 450 attendees from 23 countries, EIC is a major platform in Europe to create, support and foster the dialog between GRC and identity management thought leaders and users, but as well between thought leaders themselves, between Europeans and Americans, vendors, vendor partners and users, between open source initiatives and the market. Information

EIC 08 Sessions

Governance, Risk, Compliance (GRC) & Identity Management (Session I) 25.04.2008 09:00-10:30 Dr. Horst Walther, Kuppinger Cole + Partner
View details
Active Directory Disaster Recovery Workshop (Session I) 25.04.2008 09:00-10:30 Gil Kirkpatrick, NetPro
In this workshop, leading directory services and identity management expert, Gil Kirkpatrick, will educate the audience on how to manage entitlements using Microsoft’s Identity Lifecycle Manager (ILM) II. Kirkpatrick will highlight the new functionality in ILM II including user and resource modeling, workflow, and provisioning. Further, he will cover resource discovery and classification, provide guidance around how to define access policies, and discuss the importance of proactive infrastructure management to ensure the environment’s long-term stability and continuity. View details
How Basel II and Euro-SOX affect Enterprise IT – of Finance Institutions and other Companies 25.04.2008 09:00-10:30 Martin Kuppinger, Kuppinger Cole + Partner
Basel II and Euro SOX (the 8. EU auditing guideline) are amongst the most relevant compliance guidelines in Europe. The open question for most companies is how these guidelines might affect their business – and their IT. The workshop will provide an overview of these regulations and their impact on IT, the need for IT-based risk management and specific IT and Identity risk management. This will be discussed for the IT of finance institutions as well as for all the other companies, because Euro-SOX is relevant to all and Basel II, even while being a banking standard, affects the risk evaluation of corporations. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session II) 25.04.2008 11:00-12:30 Dr. Horst Walther, Kuppinger Cole + Partner
View details
Active Directory Disaster Recovery Workshop (Session II) 25.04.2008 11:00-12:30 Gil Kirkpatrick, NetPro
View details
Identity Risk Metrics 25.04.2008 14:00-15:30 Martin Kuppinger, Kuppinger Cole + Partner Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the Metrics can be obtained and how they can be used for business value argumentations, business impact analysis, as key performance indicators and in other ways. View details
The Role of Roles in Compliance – A Practical Approach 25.04.2008 14:00-15:30 Dr. Horst Walther, Kuppinger Cole + Partner Dr. Ron Rymon, Eurekify Dr. Martin Kuhlmann, Omada Kevin Cunningham, SailPoint Darran Rolls, SailPoint Peter Weierich, Voelcker Informatik Melvis Hadzic, Oracle
Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. But due to complexity and marketplace confusion, many companies struggle to find an approach that delivers practical and timely results. This workshop is designed to help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative. SailPoint’s Chief Technology Officer, Darran Rolls, will provide an in-depth look at role management concepts and technologies. And, he’ll offer recommendations that can help organizations achieve practical benefits with roles. Points of discussion include: Introduction: What is role management? Business drivers and use cases for role management. Where do roles fit in the world of compliance? How do compliance roles relate to provisioning roles? How... View details
Identity Risk Metrics 25.04.2008 16:00-17:30 Martin Kuppinger, Kuppinger Cole + Partner Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the Metrics can be obtained and how they can be used for business value argumentations, business impact analysis, as key performance indicators and in other ways. View details
An Interview with Edge Zarrella 24.04.2008 10:30-11:30 Martin Kuppinger, Kuppinger Cole + Partner Egidio (Edge) Zarrella, KPMG
View details
Medium Sized Companies 24.04.2008 10:30-11:30 Jörg Mauz, Ansmann AG
While the first wave of Identity Management implementations has been taking place mostly in large enterprises and discussions on RoI potentials delivered by these projects seem to sometimes be pretty controversial, the number of medium sized companies investing in Identity Management is on a sharp rise now. Jörg Mauz, who is CIO at Ansmann AG, a company with 300 employees, will show in this presentation, how he managed to make a successful move into a lean and feasible Identity Management infrastructure. View details
Executing Identity and Access Management in an International Bank- and Insurance Company 24.04.2008 11:30-12:30 Dionysius Antonius Kotteman, ING Group
The presentation will cover ING's major project to define and roll out identity management. It will list some experiences, good and bad, including Role Based Access. Added are the latest developments in ING with regard to building a Security Operations Centre; an opportunity to make a step in reducing risks in access security. View details
Business Roles - Methods and Tools 24.04.2008 14:00-15:00 John Hermans, KPMG
View details
IdM, SOA & IT-Governance 24.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole + Partner
Over the last years, Compliance has often been cited as the most important driver for Identity Management. But, honestly, it is IT Governance as one of the most important parts of Corporate Governance. Within IT Governance (and within the identity and access management), the scope shouldn’t be limited to either Enterprise Systems and core business processes or to the Identity Management level. Companies need a consistent approach for IT Governance which focuses on risks as well as compliance and which integrates SOAs, IAM and BPM (and maybe BSM) to really fulfill the requirements. Martin Kuppinger will provide his thoughts on this topic within this session. View details
The Multi Year Journey of Implementing IAM within Deutsche Bank 24.04.2008 15:00-16:00 Berthold Kerl, Deutsche Bank AG
Starting with the complexity of Deutsche Bank's organisation, the presentation will explain how Deutsche Bank meets its regulatory requirements and synchronises with its control and efficiency related targets in the Identity and Access Management field. Best practice examples of IAM solutions will be covered, such as db Legi, which is one of the largest role based access management systems in the financial services industry. Another example is the project Gatekeeper, which accomplished the recertification of over 150.000 accounts in 300 SOx relevant applications in record time. Gatekeeper involved more than 10.000 people across Deutsche Bank. As the destination of the journey, the blueprint of the future state IAM governance landscape of Deutsche Bank will be outlined. View details
Provisioning, Entitlements 24.04.2008 15:00-16:00 David Hannaford, E.ON UK
Identity management isn’t just about security and cost, it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system. View details
Managing GRC - Introduction 23.04.2008 10:30-11:30 Jörg Asma, KPMG
View details
Identity Risk Management 23.04.2008 11:30-12:30 Marko Vogel, KPMG
Most of the companies have already set up or even implemented projects concerning Identity Management. But how is the status of Identity Management if looked at from a holistic perspective? Many companies are concerned with the level they have reached, where they have improvement potentials and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of the organisation's Identity Management based on the KPMG reference model. The presentation clarifies that an organisation needs a lot more than a tool to achieve a mature Identity Management. It is shown how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they will be assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results... View details
Kuppinger Cole GRC Solutions Market Report 2008 23.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole + Partner
In the GRC Solutions Market Segment Report 2008, KCP provides for the first time ever a structured view on the GRC market and the vendors within, clustering the different approaches to give a practical guideline for selecting solutions in this evolving, multi-faceted market. KCP will also predict future developments in this market. View details
SAP Authorization Provisioning at E.ON 23.04.2008 15:00-16:00 Sven Wahler, E.ON IS
Due to an increased complexity of regulatory requirements such as IDW, GoBS, HGB, SOX and ISO, monitoring of critical authorizations within SAP has to be automated. Sven Wahler will show in his best practices presentation, how E.ON went through the process of implementing such a GRC tool. View details
Compliance as a Risk 23.04.2008 16:30-17:30 Oliver Eckel, bwin
View details

© 2008 Kuppinger Cole Ltd.