Where the Idea Came From
The idea for the software came about during the author's role as an IT Security consultant at a multinational energy trading company. The trading company is regulated under UK and multinational laws and must demonstrate to auditors (internal and external) that processes for Segregation of Duties (SoD) in its trading applications are routinely checked and that access management mechanisms are in place to help prevent rogue trading and fraudulent activities.
Overview of User Guardian
The User Guardian concept is to provide a tool that is easy for organisations to implement without spending tens of thousands of pounds on a fully fledged IAM tool. The tool could also be used before an expensive IAM implementation to understand the current state of an organisation's access management controls.
The tool is aimed at organisations that are audited under various country laws and financial regulatory bodies.
Figure 4 shows a typical segregation of duties issue.
Figure 4 - Segregation of Duties Software Comic
(Climer Comics 2011)
References
Climer Comics, 2011. Segregation of Duties. [Online]
Available at: http://www.climercomics.com/blog/blog/2011/01/25/segregation-of-duties/
[Accessed 06 July 2013].