Wednesday, September 12, 2007

Identity management audit is not identity audit

Here's a great post on identity audit not being equivalent to identity managment audit: Matt Flynn's Identity Management Blog: Identity Audit != Identity Management Audit. Here's the nut of Matt's argument...

Identity management systems along with other information security mechanisms are controls put in place to enforce organizational policies. Identity Audit provides an independent and wide-angled view of identity controls, identity behavior and identity power to ensure that policies are being enforced. IdA solutions are complementary to IdM systems and continue to provide value in environments where IdM systems aren't available (or required).

Quite right, Matt!

Technorati Tags:

No comments: