Identity & Access Management (IAM) forms the foundation of IT security in modern organizations. But how can you systematically identify the critical points that could lead to manipulation, disclosure, data loss, or theft of information? This presentation provides a practical overview of the most important steps in an IAM risk analysis based on the IT-Grundschutz methodology.

Which accounts and individuals have access to business-critical data and systems? The presentation shows how privileged accounts and service accounts are systematically recorded and evaluated. Typical risk categories and their identifying features are presented.

Concrete examples are used to demonstrate how probabilities of occurrence and vulnerabilities are assessed in ...