Traditionally within companies the IT security organization has mitigated risk through its set of policies, procedures and technologies, while user access and authorization has been controlled through the use of identity management processes and technologies managed by the IT organization. By bringing these two functions together, organizations increase their effectiveness to a level that is greater than the sum of the parts.

IT security departments have begun deploying security information and event management systems (SIM) within their organizations to monitor and report on information asset vulnerabilities.