Focus and Features

Provide insight into what Identity and Access Management (IAM) means to an organization and a process to determine internal audit areas for investigation.


Course Objective


At the end of the Course, the participants shall be able to:

  • Have an understanding of the identity access management drivers, concepts and risks
  • Knowledge on the definition of key concept used in analyzing, and monitoring organization's IAM processes
  • Learn the role of internal auditors and develop an IAM audit approach to examine the identity and access management processes that exist within the organization.
  • Attain the appropriate competencies required by the IPPF and mapped with The IIA GCF


What You Will Learn

Introduction

Business Drivers

  • Improved Regulatory Compliance
  • Reduced Information Security Risk
  • Reduced IT Operating and Development Costs
  • Improved Operating Efficiencies and Transparency
  • Improved User Satisfaction
  • Increased Effectiveness of Key Business Initiatives


Identity and Access Management Concepts


Adoption Risks


Definition of Key Concepts

Identity Management vs. Entitlement Management

  • Identity and Access Management Process
  • Entitlement Management

Identity and Access Management Components

  • Identity Types
  • Onboarding
  • Offboarding


Access Rights and Entitlements

  • Identity Access or Entitlement Changes
  • Granting Access Rights to Privileged Accounts
  • Segregation of duties

Provisioning Process

  • Access Request
  • Approval
  • Propagation and Identity Creation
  • Communication
  • Logging

Administration of Identities and Access Rights Process

  • Periodic Audit and Reconciliation of Identities and Entitlements
  • Policy Statement Administration
  • IAM Strategy
  • IAM System Administration
  • End-user Password Administration
  • Storage and Handling Considerations
  • Reporting

Enforcement Process

  • Authentication and Authorization
  • Logging


Use of Technology in IAM

  • What Types of Technology Exist?
  • Pros and Cons of Technology Use
  • How Is the Technology Used?
  • Additional Concepts


The Role of Internal Auditors

Current IAM Processes

  • Business Architecture
  • Policies
  • Laws, Regulations, and Mandates
  • Budget
  • Timeline
  • Business Requirements


Auditing IAM

  • Evaluation of IAM
  • Evaluating Entitlement Management
  • Approach to examine IAM process within the organization


Audit Activity

  • Simulation of auditing IAM through auditing exercises and examples


Who Should Attend

This is a course offered is ideal for all auditors who are not primarily IT auditors but need to understand identity and access management (IAM) concepts within their auditing or compliance roles.



Number of CPE units: 3



Privacy Notice: We collect your personal information to register you in our training/ membership events and photos/videos will be taken for evidentiary purposes in relation to IIAP Seminars. We will use this information to provide services regarding your attendance and if you agree, to send you marketing information.


By giving us your personal information you consent to our use of it for the purposes described in this Privacy Notice.

Location

Virtual set-up/via Zoom

See route

Contact us

For additional event or venue information, please send an email to training@iia-p.org

Sponsors and Partners