Developing an Access Rights Monitoring System

Csizmadia Attila
Seacon Europe Kft.

Supervising and controlling access to company assets is becoming an increasingly important concern and an ever greater challenge. The number of customers, employees, partners and suppliers who have access to an organization's critical information assets is increasing.

Beyond information technology, defining access rights is connected on the one hand with the organizational hierarchy, and on the other hand with the role determined by the person's activity. Granting a user complicated access rights that affect several systems and servers is not a one-person ad hoc decision. It is the result of a sequence of decisions made by several organizations; these decisions sometimes overlap and are sometimes completely independent of each other. It follows that the granted rights are usually incoherent and hard to see through. Still, we have to secure confidential data and at the same time guarantee the security of the information devices.

Access rights management has a prominent place in an IT audit, so a good access rights monitoring system can significantly ease the burden of meeting compliance rules.

A properly structured access rights monitoring system can radically decrease the risks of access rights management: it effectively collects the access right settings of the information systems across the company, processes the collected data, and provides monitoring and reporting functions based on the captured and stored data. With such an application we can present all the access rights granted to a user or a user group, across all systems.

If you want to provide a solution for a company which has several locations, a large number of users and a complicated, heterogeneous information system, you have to implement an application that is modular and scalable.

In my presentation I'd like to review the working method, the typical structure, the usefulness, the opportunities and the implementation methodology of this kind of system.

Draft:

- Introduction

- Access right management problems

- Compliance obligations

- Working method of an access rights monitoring system

- Logical and physical structure

- Working processes

- Opportunities

- Implementation and operation problems