The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today's organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases.

Host:

Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT, The IIA

Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner

Key Points

• Introduction [00:00-00:00:07]
• Overview of identity and access management [00:00:08-00:00:31]
• The financial impact of data breaches [00:00:32-00:01:26]
• Challenges in detecting and responding to security incidents [00:01:27-00:02:26]
• Common identity and access management risks for auditors [00:02:27-00:03:26]
• Weak governance and its implications [00:03:27-00:04:26]
• Siloed organizations and identity and access management complexities [00:04:27-00:05:26]
• Regulatory frameworks and standards [00:05:27-00:07:26]
• Identity and access management controls and data governance [00:07:27-00:09:26]
• Real-world use cases and security incidents [00:09:27-00:11:26]
• Horror stories and lessons learned in identity and access management [00:11:27-00:13:26]
• Best practices for managing user access reviews [00:13:27-00:16:26]
• Continuous authentication and its challenges [00:16:27-00:18:26]
• Privileged access management and audit considerations [00:18:27-00:21:26]
• The impact of AI and machine learning on identity and access management [00:21:27-00:23:26]
• Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26]
• Closing remarks [00:25:27-00:31:43]

The IIA Related Content Interested in this topic? Visit the links below for more resources:

• Intermediate IT Auditing
• Auditing IT Change Management
• GTAG: Auditing Identity and Access Management, 2nd Edition
• Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program
• Implementing The IIA's New Cybersecurity Topical Requirement
• Cybersecurity Topical Requirement

Visit The IIA's website or YouTube channel for related topics and more.

Resources Mentioned

• The IIA's 2025 Analytics, Automation and AI Virtual Conference
• The IIA's Updated AI Auditing Framework
• NIST Cybersecurity Framework (CSF)
• NIST AI Risk Management Framework
• IBM Cost of a Data Breach Report 2024
• CISA and NSA Guidance on Identity and Access Management

Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer