Privileged Access Management: Essential StepsJohn Keells Holdings CISO, Sujit Christy, on the Need for Auditing Privileged Access
Critical steps when implementing a privileged access management program include auditing of activities performed by administrators and continuous monitoring of user activity, says Sujit Christy, group CISO at John Keells Holdings, a conglomerate based in Sri Lanka.
“Auditing becomes essential to ensure that administrators do not use productivity credentials for administrative purposes, which can open up the systems to hackers,” Christy says in a video interview with Information Security Media Group.
In this interview, Christy offers insights on:
- Building a risk-based strategy to reduce exposure of privileged credentials;
- The need for administering governance policies as part of a PAM framework;
- Managing passwords of privileged users;
Christy, global CISO at John Keells Holdings, is an experienced governance, risk, compliance, and cybersecurity professional. He’s also the director of Layers-7 Seguro Consultoria Private Ltd. and a board member of the ISACA Sri Lanka Chapter. He is a Certified Information Systems Security Professional, Certified Information Systems Auditor, Certified in Risk and Information System Control, and a Certified IT Disaster Recovery Professional.