Creating an ERM framework

Increased efficiency is a driving factor for organizations adopting role-based access control The identification, authentication and authorization of individuals based on their job titles within an organization. Contrast with mandatory access control and discretionary access control. See least privilege. (RBAC RBAC Role-Based Access Control (informatics)
RBAC Rule-Based Access Control (informatics)
RBAC Recreational Boating Advisory Council (Canada)
RBAC Re-Use Business Assistance Center ). In IT operations, RBAC lowers the number of IT entitlements or roles, preventing staff from getting inundated in·un·date
tr.v. in·un·dat·ed, in·un·dat·ing, in·un·dates
1. To cover with water, especially floodwaters.

2. with a huge number of granular granular /gran·u·lar/ (gran´u-lar) made up of or marked by presence of granules or grains.

gran·u·lar
adj.
1. Composed or appearing to be composed of granules or grains.

2. access requests. RBAC also reduces the complexity of the audit and compliance certification process by certifying roles, instead of each application and each entitlement. Companies can follow a basic process to develop an effective enterprise role management framework. First, begin with an assessment of your organization's current identity and access management (IAM IAM - Interactive Algebraic Manipulation. Interactive symbolic mathematics for PDP-10.

["IAM, A System for Interactive Algebraic Manipulation", C. Christensen et al, Proc Second Symp Symb Alg Manip, ACM Mar 1971]. ) and role maturity. A role-mining exercise can assist in aggregating, correlating and cleaning existing data. To manage sensitive privileges within applications, implement base roles for new hires and contractors, and create application/IT roles for users who cross organizational boundaries but need similar access. Next, establish role-lifecycle management processes. A role's lifecycle is the same as a user's lifecycle – it gets on-boarded, transfers, changes or terminates. Define and document the business processes for role-lifecycle management and then, to automate, map that process to technology. Automation is key to preventing stagnant or inaccurate roles. Identifying roles and responsibilities is the next step. A basic team comprised of the various stakeholders Stakeholders

All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. should be built up, understanding that "new actors" may need to come on-board On board usually means to be traveling on some vehicle. For example, Baby On Board. Compare with overboard.

Metaphorically, the term on-board is often used to refer to some piece of technology that is integrated in a moving vehicle, for example:

. Standardization of role management is best achieved when implemented at the enterprise level, but business dynamics can make this challenging. Mature business units should move toward a central governance process for role management. Your organization will change significantly with an enterprise role management model, but the increased efficiency in business processes and IT operations makes it well worth the effort.

Copyright 2009 SC Magazine
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Author:	Debbie Cuadros, VP, business development and partner relations, Simeio Solutions
Publication:	SC Magazine
Date:	Sep 10, 2009
Words:	270
Previous Article:	Windows 7 fights exploits
Next Article:	Threat of the Month -- Conficker

Related Articles
Long-t[ERM] goals: insurers with fully deployed enterprise risk management programs avoided the brunt of the financial crisis.
Manageable risk: some colleges and universities have been reluctant to attempt an ERM program, but it's clearly becoming the holistic risk management...
ERM: the evolution of a balancing act.