
IT firms report widespread data risks
Daily news headlines
WALTHAM, MA & TRAVERSE, MI – IT providers are not being given enough information to mitigate the data risks of their clients, says a new study by data research institute Ponemon commissioned by governance software firm Aveksa.
The study, The 2008 National Survey on Access Governance, questioned 700 US IT practitioners on their information management relationships with their clients – the two largest employers being the financial services industry (21%) and government institutions (18%).
The survey says 78% of respondents thought employees are granted access to data for which they have no need, with inadequate tools in place to inform and update IT providers of employees’ specific and often evolving responsibilities.
“The IT security organisations are judged on how quickly they deliver access. There’s no automated process to engage a business unit to regularly review users’ access to different information resources. They’re using a manual approach – spreadsheets and email – and it is very inefficient,” says Brian Cleary, Aveksa’s vice-president of marketing.
IT practitioners cannot easily automate policy enforcement and require collaboration to understand what information is relevant for user access. It is not the job of a bank’s IT team to understand what information is pertinent for a retail teller’s role, says Cleary.
“They are not regulatory compliance experts. They need audit, risk and compliance to create a better collaborative framework for governing access.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
Risk managers mull Basel-style climate standards
Risk Live: Splintered approach to stress-testing across jurisdictions “very, very worrying”, says risk expert
Forced CS merger casts doubt on use of resolution regimes
Risk Live: Spreads on European AT1 bonds still wider than before March bail-in
Regulators’ remorse: SVB and the case for IRRBB capital charges
Basel Committee chair among those who say Pillar 1 capital requirement could have helped control SVB risks
Improving efficiency and your financial crime compliance programme
The financial crime landscape is constantly evolving, and organisations are facing increasing pressure to stay compliant with rapidly changing regulations and combat financial crime effectively. At the same time, organisations must balance the need for…
Basel’s IRRBB shock scenario update hit by US crisis
Recalibration of shocks had been touted for Q3, but wider rethink may now cause delay
HKMA launches consultation on green taxonomy
Regulator could use proposal to assess progress of banks towards climate goals
After SVB downfall, EBA stress test seeks out unrealised losses
European regulator asks for data on the fair value and sensitivity of bonds and their hedges
EU banks fear Brexit battle over FRTB internal models
Bank of England approach looks easier, but that may not make much difference to model uptake