Skip main navigation

The Business Case for Governance

In this video, you will learn about the business case for governance.
6.1
As part of governance, we also want the business case, and this typically helps us with the justification, the visibility of the business value to the organization. Here, we’re looking at providing support to show that it improves our operational efficiency. Even if some of the processes that we’re defining as part of our identity and access management process policy implementation are more onerous, overall we’re looking to prove that they’re more efficient because they reduce the likelihood of us being fined or losing information. So we want to stress here the business drivers for what we’re doing. Typical examples include avoiding financial loss, avoiding fines, and avoiding damage to reputation. This can be difficult to quantify.
54
If we look at the attack that Sony had, with regard to the Playstation network. That had some tangible financial impacts, but something that’s very hard to put a financial value to is the loss of reputation, the damage to the reputation. If we have customers losing faith in our organization, whether we’re a government, whether we’re an enterprise, it creates problems for our brand. Will people reuse our service? Will people trust us in the future? Typical regulatory compliance, then, we’ve said things like PCI DSS for credit card payments, Sarbanes-Oxley in the United States for financial. We have the European Union General Data protection requirements, which updates the data Protection Directive, which are applicable across the whole of Europe.
103.4
It’s a very, very broad remit. And again, must do this if you’re holding personally identifiable information, have to do this, or you can be fined. In terms of the costs, will this help us in terms of some of our support costs? With identity and access management, we may be reducing our cost overheads through the reduction in licencing. If we manage our Joiners-Movers-Leavers processes better, then we can actually help to manage costs down for the organization. Some of the technologies that we’ll look at later in this course, reference technologies like solutions like single sign-on, federated identity management, and they can really help improve people’s access to services.
148
So it’s not all about processes changing to be more onerous; we can actually make things easier for people. This can form part of our business case that we put forward. When we’re considering the business case, we may also want to consider the service standards, the service level agreement, what kind of time scales are we looking at? And there are some really good models of documentation, that we’ll look at later in the course, and standards that relate to identity and access management that can provide a very helpful starting point. These effectively provide a best practice approach.
184
This is where much of the work has been done for us by others, and we have a common set of standards, a common set of terms, a common taxonomy that we can reference when implementing an identity and access management solution.

In this video, you will learn about the business case for governance. Particularly, this speaks to the business drivers for IdAM such as improving operational efficiency and avoiding security incidents that can result in financial loss.

Reflect and share: You have learned about the business case for governance and how it benefits organizations. Reflect on your own situation, are there any models or standards you are using and how does it manifest in your context? Share below.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education