Controls Intelligence in the Greater Whole

I was talking to a longtime competitor/colleague/client/friend this week about identity governance and a variety of other identity topics. We were commenting that in some regards access certification and access policies have been stuck in a bubble of amber: not a lot of innovation save the addition of some cluster analysis (marketed as AI). In the course of the conversation I remembered that a long time ago I had written a piece on the use of negative policy spaces for access governance. My buddy thought it would be fun to dig it up and repost it. So off I went to find this…

What’s funny (at least to me) is that what follows is a writing sample I used as part of the interview process to get my first analyst job at Burton Group. And that brought back a lot of memories…

So without further ado, straight out of 2008, I bring you:

Controls Intelligence in the Greater Whole – Using Negative Authorizations to satisfy Audit Requirements and strengthen Positive Authorization Policies

Executive Summary

Whether conscious of it or not, no enterprise embarks on a controls exercise, be it controls definition, management, monitoring, or rationalization, unless that exercise addresses audit requirements. Auditors and regulators have defined the backdrop against which a variety of corporate stakeholders must perform an ever-changing array of maneuvers to prove compliance. Within this context, controls intelligence platforms and processes have developed to directly satisfy audit requirements. In contrast, identity management technologies and other “compliance” tools are not truly aware of the constraints and requirements that auditors inflict upon organizations and are fundamentally not designed to meet those needs. This piece will contrast controls intelligence platforms and their associated negative authorization policies with identity management technologies and their positive authorization policies, illustrating the appropriate use of both in the eyes of the auditors as well as the enterprise.


RIP David Foster Wallace

I really enjoy David Foster Wallace’s writing: the short stuff and the long stuff. Dead, apparently at his own hand, his writing genius is no longer among us. Rest well, David.

I didn’t really like the title of this post and thus I changed it. I never really got the sense that DFW was toying with his readers and laughing as they struggled through his works. That being said, I do feel like he had a real sense that his readers were out there nearly close enough to touch.

Currently, McSweeney’s is collecting people’s memories and stories about him. Check it out.

McSweeney’s 28 unboxing

I love McSweeney’s, both the quarterly collection of literature as well as their other publications and books. Besides the care and crafting of the content, the quarterly collections have really interesting artwork and packaging. I just got issue 28 and this one takes the cake from the packaging perspective. And then I thought, “why is it that only Apple products get unboxing photos?” So, for your pleasure, I present to you the McSweeney’s Issue 28 unboxing. You’ll note that each little book is one story.