METHODOLOGY

Costidity – it’s the cost of people’s curiosity and governance system deficiencies.

Everyone talks about the human factor within IGA and IT security; we can measure, analyze, and mitigate it.

The Costidity methodology is composed of the following chain of events:

Measure

What is happening and the scale of the problem?

We measure the natural inclination of people and the chance of them deviating from a policy. This creates Costidity. There is no perfect system to manage rights, and that there’s always a chance someone will subvert the system. This creates human factor cost of diversion results and monitoring system for them, which is costidity.

We discover sources of costidity in your system, like business policies, processes, roles, etc., then we calculate the costidity score for them.

Analyze

Why is this happening?

Now knowing the Costidity score, we analyze system elements. How are the conditions of the policy created? Are they ambiguous? How easy is to deviate?

At the end of the analysis phase, we have a full picture of the current system and deficiencies within the system.

Mitigate

How can we lower the Costidity score?

In the mitigation process we are providing recommendations for how to improve the system and reduce the Costidity. This takes shape in various forms, depending upon the company and the policies.

For more information about Costidity™ and how we can help you tame the human factor contact us at: vlad@techvisionresearch.com