Development of a Compliance-Driven Identity Governance Model for Enhancing Enterprise Information Security
  • Author(s): Oluchukwu Modesta Oluoha; Abisola Odeshina; Oluwatosin Reis; Friday Okpeke; Verlinda Attipoe; Omamode Henry Orieno
  • Paper ID: 1702715
  • Page: 310-324
  • Published Date: 31-05-2021
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 4 Issue 11 May-2021
Abstract

In the contemporary digital landscape, organizations face increasing regulatory pressures and cybersecurity threats that demand robust identity and access management (IAM) frameworks. Traditional identity governance models often fall short in dynamically aligning with evolving compliance mandates, resulting in security vulnerabilities and audit deficiencies. This study proposes the development of a Compliance-Driven Identity Governance Model (CD-IGM) aimed at enhancing enterprise information security while ensuring regulatory alignment. The model integrates compliance requirements as a foundational design principle rather than a peripheral consideration, embedding regulatory frameworks such as GDPR, HIPAA, SOX, and ISO 27001 into the identity lifecycle management process. The CD-IGM framework is designed around three core pillars: Policy-Centric Access Control, Automated Compliance Monitoring, and Risk-Based Role Engineering. Policy-Centric Access Control ensures that access decisions are tightly coupled with compliance mandates and business rules. Automated Compliance Monitoring leverages artificial intelligence and machine learning to continuously audit user activities, detect anomalies, and generate compliance reports in real time. Risk-Based Role Engineering utilizes behavior analytics and contextual data to dynamically assign roles and permissions based on assessed risk levels. A prototype of the model was implemented and evaluated in a simulated enterprise environment to measure its effectiveness in improving security posture and compliance readiness. Results demonstrated a 35% reduction in unauthorized access incidents and a 50% improvement in audit response times compared to traditional models. Furthermore, stakeholders reported enhanced visibility and control over identity-related risks and improved confidence in compliance audits. 
The proposed model offers a scalable, proactive, and adaptive approach to identity governance that aligns organizational security objectives with compliance requirements. It represents a paradigm shift from reactive compliance fulfillment to strategic compliance integration, thereby fostering a culture of security by design. The model’s modular architecture also supports integration with existing IAM systems, cloud platforms, and emerging technologies such as Zero Trust and blockchain-based identity systems. This research contributes to the body of knowledge in information security governance by bridging the gap between compliance and identity management, offering practical and theoretical implications for enterprises, policymakers, and cybersecurity professionals seeking to enhance data protection and regulatory conformance.

Keywords

Identity Governance, Compliance, Information Security, Access Management, Risk-Based Role Engineering, Audit, Policy-Centric Control, Artificial Intelligence, Cybersecurity, Regulatory Frameworks.

Citations

IRE Journals:
Oluchukwu Modesta Oluoha, Abisola Odeshina, Oluwatosin Reis, Friday Okpeke, Verlinda Attipoe, Omamode Henry Orieno "Development of a Compliance-Driven Identity Governance Model for Enhancing Enterprise Information Security" Iconic Research And Engineering Journals Volume 4 Issue 11 2021 Page 310-324

IEEE:
Oluchukwu Modesta Oluoha, Abisola Odeshina, Oluwatosin Reis, Friday Okpeke, Verlinda Attipoe, Omamode Henry Orieno "Development of a Compliance-Driven Identity Governance Model for Enhancing Enterprise Information Security" Iconic Research And Engineering Journals, 4(11)