Browse Definitions :
Definition

access governance (AG)

Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with end users who have unnecessary access privileges. The need for access governance has grown in significance as organizations seek to comply with regulatory compliance mandates and manage risk in a more a strategic manner.

An important goal of access governance is to reduce the cost and effort that’s involved in overseeing and enforcing access policies and management procedures, including recertification. To this effect, access governance software tools can help track access, validate change requests, automate the enforcement of role-based access control (RBAC) or attribute-based access control (ABAC) policies and simplify reporting.

Many access governance software applications combine access control (AC) with identity management capabilities, enforcing a standard set of access rights for business roles while remaining flexible enough to accommodate the needs of super users. Because the software provides transparency, it becomes easier for managers to spot privilege creep and enforce the principle of least privilege (POLP).

In some organizations, the responsibility for access governance is shared by managing members of the organization’s information technology (IT), business and legal teams. Because privileged users continue to serve as a primary vector for security breaches, it’s important for managers to have visibility into access and work together to mitigate risk and decrease the organization’s attack surface. When access governance becomes a cross-departmental effort, the organization becomes better at staying on top of changing regulatory requirements, adhering to internal policies and conducting access reviews on a regular basis. 

This was last updated in October 2016

Continue Reading About access governance (AG)

SearchCompliance

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • spam trap

    A spam trap is an email address that is used to identify and monitor spam email.

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts ...

  • cracker

    A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in ...

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

  • erasure coding

    Erasure coding (EC) is a method of data protection in which data is broken into fragments, expanded and encoded with redundant ...

Close