Archive for the ‘Access Control’ Category

Accenture to invest $250M to expand technology consulting

July 18, 2007

Accenture said it will invest more than $250 million over the next three years to expand its technology consulting capabilities.

The investment is designed to address a strong increase in demand from clients for services an advice from technology -platform-independent services providers.

Specifically, the investment will focus on helping clients: develop IT strategies that deliver measurable business outcomes; standardize, virtualize and secure their IT infrastructures and applications; improve worker productivity; and implement new consumer-like, Web-based applications that tap into the potential of services-oriented architecture (SOA) and other newer technologies.

Among specific areas, one of them is to deal with issues from compliance requirements, such as risk management, application security… (more…)


Automating Internal Control Process

July 18, 2007

As the part of Section 404, Sarbanes Oxley Act requires the review of user access. Most companies follow similar process: once or twice a year, IT department prints out the application access and sends to business managers to confirm their staff’s access to ERP applications. This could become a big headache for corporate internal control team if the company has thousands of employees. The complication arises because of the cultural barrier between IT and business departments. Most business managers are not familiar with the ERP backend user authorizations. And in reality, the collaboration between IT and business managers is not that great. There is one independent survey by Ponemon Institute this Feb.. which mentioned that ‘two thirds of 627 respondent companies said their IT department and business functions rarely collaborate in identity management’.


Oracle Expands Identity Management Ecosystem

July 6, 2007

Building on the success of its Extended Identity Management Ecosystem and Reference Architecture initiative, Oracle today announced it has added eight new members and more than doubled the size of the ecosystem. New Independent Software Vendors (ISVs) including Arcot, Cyber-Ark, ForeScout, Imageware, Juniper Networks, Inc., Pay By Touch, Quantum Secure and TriCipher are working with Oracle to provide value added integrations to Oracle(r) Identity Management thereby delivering solutions that extend beyond traditional access and identity management infrastructures. (more…)

The Incoming of ‘Federated Identity Management’

July 6, 2007

Boeing joined Transglobal Secure Collaboration Program, or the TSCP, to collaborate trusted partners when working on the Future Combat Systems program for the US Army. TSCP is about managing identity and enforcing IT security across corporations and national boundaries, in industries where identity management is critical, such as defense industry. This is a great example of  ‘Federated Identity Management’. (more…)

NEC Fraud and Segregation of Duties

June 5, 2007

Just came across an article on, which will make an easy case for the need of GRC software.

NEC  details major fraud
Fake orders resulted in $4 million in kickbacks. Meanwhile, internal investigations continue. (more…)