It has long been acknowledged that compromise of Privileged Accounts and Elevated Access can be a major risk for companies, but with the ubiquitous use of administrator, service and software accounts, how does an organization manage and control these type of accounts that have become so pervasive and necessary across our environments.
This session is a high level non-technical review of the type of elevated accounts that exist, their common uses and the risks associated with these accounts. This session will also look at some best practices around managing these accounts. Finally we will talk about automated Privileged Account Management solutions and the set of risks that these systems bring with them. This is a high level discussion about what these types of tools can do and is vendor neutral. No specific solutions will be named, and no comparisons will be made between tools that are currently available. Attendees will learn what criteria they should consider when selecting one of these tools, so that they can make the right selection for their environment.
- Different types of privileged accounts and the associatedrisks
- Best practices for managing privileged accounts
- Automated PAM solutions - choosing the right solution
About Angela Carfrae

Angela Carfrae, CGA, CISSP, CIPT has worked in the Canadian and US compliance arena for over twenty five years, with specialized knowledge in security, privacy, and internal controls. Angela holds an accounting designation, is a certified information security professional and a certified information privacy technologist.
Ms. Carfrae has extensive operational experience in building and managing compliance programs to meet regulatory, business, and customer requirements; preparing and delivering security and privacy awareness programs; serving as a public spokesperson in the areas of security and privacy; and leading security and privacy incident response teams. As a consultant she helps clients implement privacy and security programs and policies in order to meet their compliance requirements.