Compliance is not enough

The demands of regulatory compliance are among the factors driving IT and security managers within large organisations to improve their user-access governance processes, but the issues are broader and deeper than any regulations - and more serious than many senior executives think. The recent scandal at Societe Generale offers lessons from which every chief risk officer, chief information officer and chief security officer should learn, writes Brian Cleary

Risks related to unauthorised or inappropriate access to information resources can appear anywhere within an organisation at any time and spread rapidly through the business. All it takes is a single person with the wrong access. Such events range from minor policy and compliance violations to major operational failures with substantial financial, legal and reputational consequences.

While user access risk cannot be entirely eliminated, it can be monitored, managed and mitigated through a sound

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

Most read articles loading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here