Brainwave

Forensic Investigation

Case study overview

Dubious transactions have been recorded in ACME’s Information System. The time period and the business process involved in the fraud are easily determined, and IT is asked to identify suspects, i.e. users who were entitled to access the system and could have initiated such transactions.

As a result, a team of IT experts had to restore several database backups and search for user access rights and activity over the period in question. Then they tried to establish whether accounts were shared among several users on the system, or whether orphan accounts might have been used by a third party. After several days, they were able to bring the list down to a dozen names.

It is easy to see why both access control and access history are important for fraud investigation. Yet even with comprehensive access logs, it is very difficult to retrace the full user entitlement history: it is like searching for a needle in a haystack.

Goals

  • Entitlement history is scattered across several repositories and needs to be consolidated.
  • Contextual analyses need to be made more powerful by linking account, identity and usage data.
  • Risk situations need to be identified upstream instead of managing crises.


Copyright 2011