Nick Lasenko, a cybersecurity expert with CISA and CISSP certifications, dives into the pivotal role of identity and access management in safeguarding organizations. He highlights the financial fallout of data breaches and the challenges in distinguishing between legitimate and malicious users. Lasenko discusses the necessity for robust governance to tackle IAM complexities and shares real-world horror stories, emphasizing best practices for user access reviews and the impact of AI on securing sensitive data.
Duration: 31:56
INSIGHT
IAM Importance
Identity and access management (IAM) is crucial because data breaches represent unauthorized access.
Good IAM is valuable for cost-benefit decisions, especially given the increasing costs of breaches.
INSIGHT
Weak Governance Risks
Weak governance is a major IAM risk, creating vulnerabilities.
This includes aspects like poor password controls and unclear identity management.
ADVICE
Strong Governance Advice
Establish clear IAM governance with well-defined rules and policies.
Implement technical tools and processes with rigor, clarity, and risk management in mind, aligning with business interests.
The Institute of Internal Auditors Presents: All Things Internal Audit Tech
In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today’s organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases.
Host: Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT, The IIA
Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner
Key Points
Introduction [00:00-00:00:07]
Overview of identity and access management [00:00:08-00:00:31]
The financial impact of data breaches [00:00:32-00:01:26]
Challenges in detecting and responding to security incidents [00:01:27-00:02:26]
Common identity and access management risks for auditors [00:02:27-00:03:26]
Weak governance and its implications [00:03:27-00:04:26]
Siloed organizations and identity and access management complexities [00:04:27-00:05:26]
Regulatory frameworks and standards [00:05:27-00:07:26]
Identity and access management controls and data governance [00:07:27-00:09:26]
Real-world use cases and security incidents [00:09:27-00:11:26]
Horror stories and lessons learned in identity and access management [00:11:27-00:13:26]
Best practices for managing user access reviews [00:13:27-00:16:26]
Continuous authentication and its challenges [00:16:27-00:18:26]
Privileged access management and audit considerations [00:18:27-00:21:26]
The impact of AI and machine learning on identity and access management [00:21:27-00:23:26]
Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26]
Closing remarks [00:25:27-00:31:43]