For context, I am a one person security team as a ISM. Other IT departments are Network, Systems, and Customer service that are under a completely different direction. There has a small about of push-back when I speak on access management roles/responsibilities and separation of duties. What are some opinions on what is the best take on access management ownership with AD and Entra ID, and other services?

Security Strategy & Roadmap IT Strategy & Roadmap

670 views1 Comment

Sort by:

IT Analyst6 months ago

If you are having resistance about it, I think the first step is to engage higher organization levels showing evolved risks. If you get green sign of them next steps are:
1) training teams about security and risks;
2) review organization's security policy;
2.1) maybe create a standard about IAM's administration;
3) implement IAM policy

There is no formula about which team should do what, each organizations has its own way of working. It isn't a question of organizational chart, it's a question of resposibility. The most important thing is to ensure teams are aware of the their roles in the security implications.

Content you might like

Are your software engineers actively using AI to be more effective and productive in their day to day work? Comment why or why not!

Yes74%

No26%

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What action do you take when a user fails a simulated phishing test?

No action taken7%

Extra training required by user 95%

Permissions revoked5%

Disciplinary action taken against user3%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

Sort by:

Content you might like

Are your software engineers actively using AI to be more effective and productive in their day to day work? Comment why or why not!

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

What action do you take when a user fails a simulated phishing test?

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Cloud Spending: IT Balances Costs with GenAI Innovations

Are U.S. Organizations Insuring Against CISO Liability Risk?

Building an Effective Executive Succession Plan

Take Your Insights On-the-Go