
Identity and Access Management Fundamentals

In this topic, you’ll learn about the fundamentals of Identity and Access Management (IAM) that protect our information from unauthorised access, fraud and misdemeanor.

The Sage story

Hackers aside, managing information security in a business with 50,000 staff raises the issue of internal breaches of security, whether that’s through malicious or careless behaviour.

We can minimise the risk of unauthorised access, fraud and misdemeanor by ensuring that employees have the access they need to do their job, and that this access is justified, approved and used appropriately.

Therefore, it is essential that all CBA’s services comply with the Identity and Access Management (IAM) Standard, which outlines the specific requirements for:

  • Identity and Access Lifecycle Management
  • Role Management
  • Segregation of Duties (SoD) Management
  • Privileged Access Management
  • Authentication Management
  • User Access Reviews (explained further in Topic 4)

Let’s look at an example of why this is important.

In 2016, UK firm Sage Group suffered a data breach after an employee accessed confidential client information without authorisation.

Sage provides cloud-based accounting and payroll software for businesses. The data breach affected almost 300 companies, potentially exposing their employees’ bank details and salary information.

The breach has come at a considerable cost to Sage Group: in January 2018 their stock price was at a high of GBP818. By the end of June 2018, it was trading at GBP626.