Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.


Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Effective Access Control: Communication, Simplicity

Todd Neff | May 22, 2007

The need for a fancy identity-management system to control access to IT systems depends on how big and complex you are and how much pain your company can take. Linda DiPaola, with less than 500 employees to track, does just fine without any system at all.

DiPaola, director of internal audit at Empire Resorts, a New York gaming and resort management firm, depends on process, not technology, and it's working perfectly well.

DiPaola says her approach is all about managing risk. From an access control perspective, that means upholding the sanctity of segregation of duties and ensuring that user permissions to IT systems match business needs. There’s also making sure departures, promotions, and the like prompt changes to user access appropriately.

Empire Resorts consists of a host of many nonintegrated systems, DiPaola explains, so she watches just two systems closely: the financial reporting and gaming applications. If she... To get the full story, subscribe now.