Risk Metrics

07.05.2015 15:30-16:30 Moderator:

What Gets Measured Gets Done – Identifying New Metrics for Distributed Digital System Performance to Evaluate and Mitigate Risk.

Data is the lifeblood of organizations and managers of organizations have access to increasing volumes of data; but what does data really mean in a given context? How can effective and dynamic risk evaluation and mitigation processes be cultivated from better measurement practices in an organization, and a more nuanced understanding of how different sources of risk will reveal themselves through different sorts of metrics.

How to Measure the Real Access Risk?

There are many factors that make up the access risk of users. Access to privileged accounts, but also elevated privileges in certain applications sum up to a complete picture of access risks. Users with uncommon combinations, user that have fairly different access than their peers, users with many direct assignments of entitlements: All these indicators might be related to higher access risk – or not. Aside of that: Not only the assigned entitlements are risk indicators, but also the use of access rights. Someone might access only the records of customers he is currently working with – or the ones of all customers he potentially has access to. The first one is just normal, the other an indicator of fraud.

However, organizations need to understand the real risks for being able to mitigate these.

In this session, the participants will discuss various approaches on measuring risk, looking at that from various angles.