Quantitatively measuring recertification campaign effectiveness
First Claim
1. A method to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, comprising:
- selecting accounts for recertification in accordance with a recertification policy to generate a list of accounts;
augmenting the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts;
providing for approval the list including the one or more dummy items, the list being provided to an approver entity;
responsive to receipt from the approver entity of an approval to initiate the recertification campaign, quantifying an effectiveness of the approver entity in locating the one or more dummy items from the list to generate a result;
using the result as an enterprise metric in association with a compliance component of the identity and access management computing system;
wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity.
1 Assignment
0 Petitions
Accused Products
Abstract
An identity management system is augmented to provide a methodology to generate an objective measure of administrative effectiveness with respect to account certification. In the approach, erroneous account information is intentionally inserted into a recertification campaign. The erroneous account information is tracked through the recertification process and used as a measurement to evaluate whether a particular manager/administrator whose accounts are impacted is successful in recognizing the erroneous account information (e.g., as a percentage of erroneous account records located). The dummy information is tracked and used to generate a quantitative measure of the effectiveness of a particular recertification campaign or a particular manager who is responsible for recertifying accounts. The results can also be used to drive other enterprise metrics and compliance systems.
-
Citations
21 Claims
-
1. A method to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, comprising:
-
selecting accounts for recertification in accordance with a recertification policy to generate a list of accounts; augmenting the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts; providing for approval the list including the one or more dummy items, the list being provided to an approver entity; responsive to receipt from the approver entity of an approval to initiate the recertification campaign, quantifying an effectiveness of the approver entity in locating the one or more dummy items from the list to generate a result; using the result as an enterprise metric in association with a compliance component of the identity and access management computing system; wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
a processor; computer memory holding computer program instructions executed by the processor to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, the computer program instructions comprising; program code operative to select accounts for recertification in accordance with a recertification policy to generate a list of accounts; program code operative to augment the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts; program code operative to provide for approval the list including the one or more dummy items, the list being provided to an approver entity; and program code responsive to receipt from the approver entity of an approval to initiate the recertification campaign to quantify an effectiveness of the approver entity in locating the one or more dummy items from the list and generate a result; program code to use the result as an enterprise metric in association with a compliance component of the identity and access management computing system; wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, the computer program instructions comprising:
-
program code operative to select accounts for recertification in accordance with a recertification policy to generate a list of accounts; program code operative to augment the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts; program code operative to provide for approval the list including the one or more dummy items, the list being provided to an approver entity; and program code responsive to receipt from the approver entity of an approval to initiate the recertification campaign to quantify an effectiveness of the approver entity in locating the one or more dummy items from the list and generate a result; program code to use the result as an enterprise metric in association with a compliance component of the identity and access management computing system; wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification