Printer Friendly
The Free Library
19,604,530 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Are Common Access Control Failures to Blame in Societe Generale Loss?


IT and Identity Risk Experts Provide Analysis, Examine Potential Missteps and Offer Lessons on Using Identity and Access Data to Better Manage Risk in New Podcast

AUSTIN, Texas -- As investigators sort out whether rogue trader Jerome Kerviel acted alone as alleged or with the knowledge of Societe Generale senior officials as some have speculated, a debate is emerging in IT circles asking if the massive fraud owes more to the collapse of financial controls or to the controls that govern information technology systems and the data they house. The extent to which access control exposures may have played a part in the fraud is the subject of a new podcast released today from SailPoint Technologies, Inc. and Enterprise Management Associates.

"Avoiding a Billion Dollar Blind Spot: What Organizations Can Learn about Their Risk Posture from Identity and Access Data" offers constructive insight into the reported allegations in the Societe Generale fraud. The scheme is the latest and most damaging in a series of headline-grabbing incidents - many involving access control failures - that have escalated in frequency and impact in recent years. Hosts Scott Crawford, Research Director and Practice Manager in the Security and Risk Management Practice at Enterprise Management Associates and identity risk expert Mark McClain, CEO and founder of SailPoint Technologies, examine the serious questions such losses raise about the state of governance and risk management in the world's largest enterprises.

"What's becoming all too clear is that companies don't have a sufficient understanding of where their risks are," observed Crawford, an expert on IT risk management. "As the facts come to light on this case and companies begin to examine what they can learn from the incident, I think we'll find that business controls remain vulnerable to subversion by users like Kerviel without an effective IT risk management strategy in place."

Following an examination of the case, Crawford and McClain outline five basic issues and related exposures that can contribute to a control failure and offer practical guidance for preventing similar incidents.

"The tendency is to view this case as exceptional, and the lion's share of press articles focus on whether Kerviel could have succeeded in circumventing financial and trading controls acting alone," said McClain. "There's an equally important story here to tell about IT risk controls that in our experience is all too common - it's an instructive case for all companies that outlines the need for IT controls to supplement business controls and validates the importance of user identities as a point of IT control in the enterprise."

Episode 8 of The Identity Intelligence Insider, "Avoiding a Billion Dollar Blind Spot: What Organizations Can Learn about Their Risk Posture from Identity and Access Data" is available at no charge from SailPoint Technologies at http://sailpoint.libsyn.com/index.php?post_id=309182 where listeners can also access previous episodes in the SailPoint podcast series. To view and download a detailed graphical timeline that indicates where key events may have alerted Societe Generale to potential access and IT control exposures along the dangerous path Jerome Kerviel reportedly followed during his tenure, go to http://www.sailpoint.com/news/files/kerviel.pdf.(a) Mark McClain and Scott Crawford are available for interviews and briefings.

(a) SailPoint's analysis suggests potential exposures that may have occurred based on allegations reported to date and should not be considered conclusive. For selected relevant news articles and sources, go to http://del.icio.us/billiondollarblindspot.

About SailPoint

SailPoint Technologies, Inc. (http://www.sailpoint.com) develops identity risk management software that helps organizations gain control over user access to critical systems and data, streamline costly IT compliance processes and reduce the risks of fraud, corporate data loss or theft and failed audits. Founded in December 2005, SailPoint is based in Austin, Texas.

SailPoint, the SailPoint logo and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. SailPoint Compliance IQ is a trademark or a registered trademark in the U.S. and/or other countries. All other products or services are trademarks of their respective companies.
COPYRIGHT 2008 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Date:Feb 20, 2008
Words:679
Previous Article:ASI Launches MedSolutions(TM) Liability Insurance Product for Long-Term Care Facilities, Healthcare Groups.
Next Article:UAL Aircraft Mechanics' Union Presidents' Position on Airline Mergers.
Topics:



Related Articles
Done Deals REPORT.
Africa's top 100 banks.
Nigerian shake-up not yet complete.
Africa's top 100 bank.
Morocco pulls ahead.
For an exciting career, try accounting!
Profile view.
Global values National Societe Generale Bank at LE34.3 and recommends a 'BUY' on the stock.

Terms of use | Copyright © 2012 Farlex, Inc. | Feedback | For webmasters | Submit articles