2. Level 2: Compliant
At Level 2 maturity, the organization is aware enough of the incidents and their costs to make a concerted effort to develop a process that comprehensively identifies all of the accounts and credentials that need to be removed from IT systems. This process is documented and implemented across the organization. The documented process and sample audit data from its execution can be used to demonstrate compliance with the process to auditors.
3. Level 3: Consolidated
At Level 3 maturity, the processes are consolidated across the organization so that information about the process and how well it is performing is available from a central location. Performance metrics are also available, which can demonstrate both that the processes are being followed and that they are meeting their performance targets.
4. Level 4: Risk Aware
At Level 4 maturity, the organization is measuring the reduction in the cost of malicious acts by former employees and is performing root cause analysis on existing incidents to determine how the security policy needs to be changed or how the employee offboarding processes need to be changed.
IBM solutions to address maturity levels
IBM can help you address your offboarding risks based on your organization's risk appetite. In the following sections, we briefly describe the service and product offerings from IBM that can be applied towards each maturity level.
Level 1: Reactive
At maturity level 1, there is effort to ensure that accounts are closed, entitlements are removed, and access is denied to IT systems when an individual leaves the organization. These efforts are usually managed and initiated by people who maintain the IT systems.
IBM Tivoli® Identity Manager is a user provisioning and role management product that can bridge the gap between how business users view their IT resources and the actual IT implementation. Tivoli Identity Manager enables the IT organization to put business processes in place to provide service authorizations only to individuals with a valid business need and remove such authorizations when access is no longer required.
Tivoli Identity Manager manages the relationship between IT accounts and users and provides a rich workflow environment to manage the provisioning and de-provisioning of accounts, which can include recording of management approval, notification to other systems of activity, and interaction with the managed IT systems to make changes in their user registries.
Tivoli Identity Manager can also manage adoption and reconciliation processes, so that there is never an account on a managed IT system that is not associated with a responsible individual. Through its reconciliation processes, Tivoli Identity Manager can monitor managed systems to make sure that no account changes are made that are not reflected in the Tivoli Identity Manager directory.
More product information about Tivoli Identity Manager can be found at the following Web site: http://www.ibm.com/software/tivoli/products/identity-mgr/
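The adoption and reconciliation checks described above can be sketched as follows. This is an added illustration, not Tivoli Identity Manager code or its API; the `reconcile` function, the record layout, and all sample people and accounts are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    system: str           # managed IT system whose user registry holds the account
    login: str
    enabled: bool = True


def reconcile(hr_status, directory, discovered):
    """Compare accounts found on managed systems with the identity directory.

    hr_status:  person id -> "active" or "terminated" (HR system of record)
    directory:  (system, login) -> person id (recorded account ownership)
    discovered: Account records read from each managed system
    """
    findings = {"orphan": [], "offboarding_gap": [], "missing_on_system": []}
    seen = set()
    for acct in discovered:
        key = (acct.system, acct.login)
        seen.add(key)
        owner = directory.get(key)
        if owner is None or owner not in hr_status:
            # No responsible individual on record: candidate for adoption or removal.
            findings["orphan"].append(key)
        elif hr_status[owner] == "terminated" and acct.enabled:
            # Owner has left, but the account can still be used.
            findings["offboarding_gap"].append(key)
    # Directory entries with no matching account: a change was made on the
    # managed system that the directory does not reflect.
    findings["missing_on_system"] = list(set(directory) - seen)
    for items in findings.values():
        items.sort()
    return findings


# Constructed sample data (hypothetical people, systems and logins).
HR = {"e100": "active", "e200": "terminated", "e300": "active"}
DIRECTORY = {("ldap", "asmith"): "e100", ("ldap", "bjones"): "e200",
             ("db2", "bjones"): "e200", ("unix", "cwu"): "e300"}
DISCOVERED = [Account("ldap", "asmith"), Account("ldap", "bjones", enabled=False),
              Account("db2", "bjones"), Account("unix", "svc_backup"),
              Account("ldap", "tmpadmin")]

if __name__ == "__main__":
    for category, accounts in reconcile(HR, DIRECTORY, DISCOVERED).items():
        print(category, accounts)
```

The `offboarding_gap` list is the one that maps directly to the offboarding risk: each entry is an enabled account whose recorded owner is terminated in HR.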
Using the IBM Security Blueprint to Address Business Risks for Employee Offboarding