IBM Security Verify

IBM Identity Governance and Intelligence (IGI) manages access risk controls by using conflicting, or sensitive, business activities to define access risks. 

The general principle of risks in Identity Governance is that an individual employee should not be authorized to perform tasks, which might damage the organization. 

A common example is that the person that creates a purchase order should not be the same person that approves the order. This duty separation prevents frauds, and errors. Role-Based Access Control models and manages this condition using the Segregation of Duty (SoD) concept. Segregation of Duty imposes constraints so that a user with a certain role cannot take on another role whose nature conflicts with the one already assigned. 

Segregation of duties, also known as separation of duties, prevents frauds and errors by requiring more than one person to complete a task. 

Business activities in IGI represent real business activities that users can perform. Business activities are typically hierarchical, show user access in business terms, and are defined by the business process teams, or adopted from industry-specific process classification frameworks. 

IGI defines a Segregation of Duty risk as a combination of business activities that should not be available to the same individual. IGI defines SoD in terms of incompatible business activities, and not by roles or permissions. 

With IGI you are able to detect Segregation of Duty violations in near real-time, with daily automatic, or even more frequent, schedules that do not depend on manual operations. 

For further details on Risk Management with IGI, watch the video tutorial at https://www.securitylearningacademy.com/course/view.php?id=3407 

You can also experiment Risk Management in IGI, by using the online lab available at https://www.securitylearningacademy.com/mod/hvp/view.php?id=15134