Privileged Access Management: Essential StepsJohn Keells Holdings CISO, Sujit Christy, on the Need for Auditing Privileged Access
Critical steps when implementing a privileged access management program include auditing of activities performed by administrators and continuous monitoring of user activity, says Sujit Christy, group CISO at John Keells Holdings, a conglomerate based in Sri Lanka.
See Also: Top 50 Security Threats
“Auditing becomes essential to ensure that administrators do not use productivity credentials for administrative purposes, which can open up the systems to hackers,” Christy says in a video interview with Information Security Media Group.
In this interview, Christy offers insights on:
- Building a risk-based strategy to reduce exposure of privileged credentials;
- The need for administering governance policies as part of a PAM framework;
- Managing passwords of privileged users;
Christy, global CISO at John Keells Holdings, is an experienced governance, risk, compliance, and cybersecurity professional. He’s also the director of Layers-7 Seguro Consultoria Private Ltd. and a board member of the ISACA Sri Lanka Chapter. He is a Certified Information Systems Security Professional, Certified Information Systems Auditor, Certified in Risk and Information System Control, and a Certified IT Disaster Recovery Professional.