Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £35.99 £24.99. New subscribers only T&Cs apply

Find out more

The Business Case for Governance

In this video, you will learn about the business case for governance.
As part of governance, we also want the business case, and this typically helps us with the justification, the visibility of the business value to the organization. Here, we’re looking at providing support to show that it improves our operational efficiency. Even if some of the processes that we’re defining as part of our identity and access management process policy implementation are more onerous, overall we’re looking to prove that they’re more efficient because they reduce the likelihood of us being fined or losing information. So we want to stress here the business drivers for what we’re doing. Typical examples include avoiding financial loss, avoiding fines, and avoiding damage to reputation. This can be difficult to quantify.
If we look at the attack that Sony had, with regard to the Playstation network. That had some tangible financial impacts, but something that’s very hard to put a financial value to is the loss of reputation, the damage to the reputation. If we have customers losing faith in our organization, whether we’re a government, whether we’re an enterprise, it creates problems for our brand. Will people reuse our service? Will people trust us in the future? Typical regulatory compliance, then, we’ve said things like PCI DSS for credit card payments, Sarbanes-Oxley in the United States for financial. We have the European Union General Data protection requirements, which updates the data Protection Directive, which are applicable across the whole of Europe.
It’s a very, very broad remit. And again, must do this if you’re holding personally identifiable information, have to do this, or you can be fined. In terms of the costs, will this help us in terms of some of our support costs? With identity and access management, we may be reducing our cost overheads through the reduction in licencing. If we manage our Joiners-Movers-Leavers processes better, then we can actually help to manage costs down for the organization. Some of the technologies that we’ll look at later in this course, reference technologies like solutions like single sign-on, federated identity management, and they can really help improve people’s access to services.
So it’s not all about processes changing to be more onerous; we can actually make things easier for people. This can form part of our business case that we put forward. When we’re considering the business case, we may also want to consider the service standards, the service level agreement, what kind of time scales are we looking at? And there are some really good models of documentation, that we’ll look at later in the course, and standards that relate to identity and access management that can provide a very helpful starting point. These effectively provide a best practice approach.
This is where much of the work has been done for us by others, and we have a common set of standards, a common set of terms, a common taxonomy that we can reference when implementing an identity and access management solution.

In this video, you will learn about the business case for governance. Particularly, this speaks to the business drivers for IdAM such as improving operational efficiency and avoiding security incidents that can result in financial loss.

Reflect and share: You have learned about the business case for governance and how it benefits organizations. Reflect on your own situation, are there any models or standards you are using and how does it manifest in your context? Share below.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now