Identity and access management (IAM) is a growing concern as organizations are working to manage closely who has access to their systems and data. With cyberattacks increasingly common, companies are placing greater emphasis on IAM and privileged access management (PAM). An effective IAM program should both enable the business by delivering the desired efficiencies and protect the organization’s data and information from potential misuse by systematically reducing IAM risk.
Regardless of where an organization stands in its IAM capabilities, performing an IAM assessment is the first step to raising maturity. This article reviews the Protiviti IAM capability model, which supports the identification of gaps and can be used to provide an understanding of a company’s current state relative to leading industry practices and the desired future state.