Quick Test: Your Organisation's Security Status


Answer the questions below for an idea of how identity management is used in your organisation and what you can do to improve. The results will show you the basics for improving user management and cyber security in your organisation. 

Ian Yoxall CEO
Ian Yoxall
CEO


IAM is an integrated automated solution for the secure management of identities and user access rights in all systems used by the organisation (internal network, legacy systems, cloud services and external systems).
Our organisation has an IAM system covering all users.
We have centralised user management within the organisation.
User management is done manually by support personnel. 

The Joiner, Mover, Leaver process covers the life cycle of employee and subcontractor identities, and defines the steps that are taken to create an identity when a user is created, transitioned, or quit the organisation.
We have automated the Joiner-Mover-Leaver process.
New/outgoing employee information is emailed to supervisors, HR and support, and the user receives instructions via email.
New employees are told how and where to get the required login information.

The length of time between the termination of employment and the removal of access rights and release of software licenses entails security risks and unnecessary costs.
User IDs are automatically disabled.
The supervisor informs HR, support and other relevant parties as required by the process.
We do not have a systematic process for deleting outgoing employee IDs.

Changing user passwords is one of the biggest users of user support. Automating the process can save you numerous working hours.
Users can reset their own password securely.
IT support resets the password upon user request.
IT support will come and reset the password for the user.

Compliance with laws and regulations is in most cases in control, but any audit work will require a great deal of additional work for documentation and system analysis.
Yes, we have established processes for audits.
Yes, but it will still require a lot of work in case of audits.
The status of these issues is a little questionable.

A modern organisation has a number of systems requiring login. Different usernames and passwords add complexity and limit user productivity.
Up to five
6-20
More than 20

Automatic roles and access policies can be used to allocate new employee user credentials based on the information you enter into the HR system or other trusted source.
We set the default permissions for different systems by the employee role and job description (birthright).
The IT support grants user access rights at the request of the user or his/her supervisor.
Access rights will be allocated as requested without further checks.

Log management significantly improves security, reduces the threat and potential impact of cyber attacks, and improves an organisation's ability to comply with legal and industry requirements.
User management log information is available to auditors.
The log information partly records these actions and user access rights can be verified system by system.
Systems do not record administrator user management actions.