August 17, 2016 By Nick Oropall 2 min read

“Internal auditors are being asked by audit committees and senior managers to step outside their comfort zones. How are you addressing the fast-paced changes in technology, information security, risk management, governance and compliance?”

The lines above serve as MISTI’s introduction to the SuperStrategies conference, but they’re also an introduction to the direction of IT audit and information security. Once upon a time, these two areas were separate islands. That is no longer the case.

What Is Identity Governance?

Identity governance helps to answer the questions:

  • How can we verify who has access to what?
  • How can we understand if this is access that they actually need?

But there’s more to identity governance and intelligence. It has become a security control, a safeguard against insider threats and a means of effective communications between the business, IT and audit.

Worlds Colliding: Identity Governance and IT Security

It is critical to select the right identity governance and intelligence solution. It can help to identify who has access to what and whether they should have that access. Analytics can help optimize roles and user access while simultaneously helping to prioritize high risk access or users.

Gone are the days when identity and access management could be separate from IT security. The two are intertwined, and that makes communication critical. Identity governance and intelligence needs to be the solution that fosters communication between the audit and IT teams, as well as the solution that enables business managers to make the right access decisions.

Discover More at SuperStrategies 2016

The 2016 SuperStrategies agenda is designed to help internal audit executives better understand the challenges they are facing every day. Featured keynotes include Thierry Dessange, the VP of Technology Audit at Visa., and Robert King, CVP and chief audit executive at FedEx.

If you are interested in hearing more about how identity governance and intelligence brings security and compliance together, please come to MISTI SuperStrategies, which is taking place Sept. 27 to 29 in Las Vegas. Be sure to stop by IBM’s booth. We look forward to seeing you there!

For additional information on this topic, check out the on-demand webinar “How Identity Governance Can Help Protect Your Organization,” presented in July by MISTI and IBM.

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today