Access Management ensures that sensitive data stays confidential, employees get the required access (not more and not less), governmental rules are adherenced and can be attested.
Scope
Access Management has follows the following aims:
- Control of the access to services based on given security policies
- Efficient reaction to access requests, e.g. granting, changing or withdrawing
- Providing an overview (e.g. for revisions) to services and protects for abuse
Activities
Critical Success Factors
The following items are examples:
- CSF: Maintaining of confidentiality, integrity and availability of services based on Information Security Policy
- KPI: Amount of incidents through incorrect user rights
- KPI: Amount of audit results containing incorrect user rights
e.g. moved or retured employees
- CSF: Punctual grant of permissions
- KPI: Percentage of access requests, which are proceessed within Service Level Agreements / Operational Level Agreements