Elaboration
Managing users and access rights across multiple systems can be challenging, and compliance is important in preventing users from retaining access to systems in ways that would breach regulations. Auditors within the financial and energy industries regularly check that organisations have adequate measures in place to ensure user accounts are correctly managed (added and removed) in key systems, to prevent individuals committing serious fraud. The regulations tightened after Nick Leeson bankrupted Barings bank in 1992 (BBC News, 1999).
The aim of the project will be to research the current risk and compliance systems on the market and to understand the key drivers for organisations using these tools. The project will then build a prototype based on the research. The potential value of the tool would be in being lightweight enough to deploy quickly as an initial stop-gap solution, avoiding the cost and time that more complex middleware tools require.
The prototype would operate by importing exports of users and roles from software applications, against which compliance teams can map segregation-of-duties rules. The tool would be able to produce compliance reports based on logic entered by the compliance officers through a web-based interface. The compliance reports would be intended for security teams, system administrators and business managers to assess and manage their compliance risks.
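The core of the prototype described above is a small amount of logic: read the user/role export, apply the segregation-of-duties rules the compliance officers enter, and list the people who hold conflicting roles. The script below is an added illustration of that logic and is not code from the project; the CSV export, the HR active-staff list, the role names and the rules are all constructed sample data, and the column names (`system`, `user`, `role`) are an assumption about what an application export might contain. It also performs the second check the auditors described above care about, flagging accounts that remain in a system after the person has left (a leaver retaining access).

```python
"""Toy segregation-of-duties (SoD) and leaver check over a user/role export.

Added example; the export, staff list and rules below are constructed sample data.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export: one row per (system, user, role) assignment,
# in the shape an application export might take (assumed column names).
USER_ROLE_EXPORT = """system,user,role
trading,alice,TRADE_ENTRY
trading,alice,TRADE_APPROVE
trading,bob,TRADE_ENTRY
settlement,bob,PAYMENT_RELEASE
settlement,carol,PAYMENT_RELEASE
trading,dave,TRADE_ENTRY
"""

# Constructed active-staff list from HR: dave has left but still has a trading role.
ACTIVE_STAFF = {"alice", "bob", "carol"}

# SoD rules as a compliance officer would enter them: two roles that one person
# must never hold at the same time, plus a description for the report. A rule may
# span systems (entering a trade in one system and releasing payment in another).
SOD_RULES = [
    ("TRADE_ENTRY", "TRADE_APPROVE", "trade entry and trade approval"),
    ("TRADE_ENTRY", "PAYMENT_RELEASE", "trade entry and payment release"),
]


def load_assignments(csv_text):
    """Parse the export into {user: {role: {systems that grant it}}}."""
    assignments = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip()
        assignments[user][row["role"].strip()].add(row["system"].strip())
    return assignments


def find_sod_conflicts(assignments, rules):
    """Return one record per (user, rule) where the user holds both roles.

    Each record names the systems that grant each role so an administrator
    knows where to remove access.
    """
    conflicts = []
    for user in sorted(assignments):
        roles = assignments[user]
        for role_a, role_b, description in rules:
            if role_a in roles and role_b in roles:
                conflicts.append({
                    "user": user,
                    "rule": description,
                    "grants": sorted(
                        f"{system}:{role}"
                        for role in (role_a, role_b)
                        for system in roles[role]
                    ),
                })
    return conflicts


def find_orphaned_accounts(assignments, active_staff):
    """Users present in the export but absent from HR's active list."""
    return sorted(user for user in assignments if user not in active_staff)


def build_report(csv_text, rules, active_staff):
    """Run both checks and return the findings as plain data for rendering."""
    assignments = load_assignments(csv_text)
    return {
        "sod_conflicts": find_sod_conflicts(assignments, rules),
        "orphaned_accounts": find_orphaned_accounts(assignments, active_staff),
    }


def render_report(report):
    """Render the findings as the text a reviewer or administrator would read."""
    lines = ["Segregation-of-duties conflicts:"]
    for c in report["sod_conflicts"]:
        lines.append(f"  {c['user']}: {c['rule']} via {', '.join(c['grants'])}")
    lines.append("Accounts not matched to active staff:")
    for user in report["orphaned_accounts"]:
        lines.append(f"  {user}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(build_report(USER_ROLE_EXPORT, SOD_RULES, ACTIVE_STAFF)))
```

Rules are kept as data rather than code so that the web interface the proposal mentions could store and edit them without a deployment, and the report records which system granted each conflicting role, since that is what the administrator acting on the report needs to know.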
The research report will be conducted in parallel with the company for which I currently contract. As an Operational IT Security Consultant for a global energy trading company, I have been tasked with assisting in the annual access review of their IT systems. This will provide an opportunity to interview colleagues and gather research materials from a real-world situation to use within this project.
References
BBC News, 1999. How Leeson broke the bank. [Online] Available at: http://news.bbc.co.uk/1/hi/business/375259.stm [Accessed 29 March 2013].