))
Identity & Access Management
Manage episode 467245886 series 3559413
Content provided by IIA Podcasts and The Institute of Internal Auditors. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by IIA Podcasts and The Institute of Internal Auditors or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
The Institute of Internal Auditors Presents: All Things Internal Audit Tech
In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today’s organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases.
Host:
Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT, The IIA
Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner
Key Points
- Introduction [00:00-00:00:07]
- Overview of identity and access management [00:00:08-00:00:31]
- The financial impact of data breaches [00:00:32-00:01:26]
- Challenges in detecting and responding to security incidents [00:01:27-00:02:26]
- Common identity and access management risks for auditors [00:02:27-00:03:26]
- Weak governance and its implications [00:03:27-00:04:26]
- Siloed organizations and identity and access management complexities [00:04:27-00:05:26]
- Regulatory frameworks and standards [00:05:27-00:07:26]
- Identity and access management controls and data governance [00:07:27-00:09:26]
- Real-world use cases and security incidents [00:09:27-00:11:26]
- Horror stories and lessons learned in identity and access management [00:11:27-00:13:26]
- Best practices for managing user access reviews [00:13:27-00:16:26]
- Continuous authentication and its challenges [00:16:27-00:18:26]
- Privileged access management and audit considerations [00:18:27-00:21:26]
- The impact of AI and machine learning on identity and access management [00:21:27-00:23:26]
- Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26]
- Closing remarks [00:25:27-00:31:43]
The IIA Related Content Interested in this topic? Visit the links below for more resources:
- Intermediate IT Auditing
- Auditing IT Change Management
- GTAG: Auditing Identity and Access Management, 2nd Edition
- Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program
- Implementing The IIA’s New Cybersecurity Topical Requirement
- Cybersecurity Topical Requirement
Visit The IIA's website or YouTube channel for related topics and more.
Resources Mentioned
- The IIA's 2025 Analytics, Automation and AI Virtual Conference
- The IIA’s Updated AI Auditing Framework
- NIST Cybersecurity Framework (CSF)
- NIST AI Risk Management Framework
- IBM Cost of a Data Breach Report 2024
- CISA and NSA Guidance on Identity and Access Management
Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer
67 episodes
Share
