Identity and access management (IAM) processes have always been convoluted. They affect many people (both customers and employees), systems, and teams, and this complexity makes it difficult to protect against new or emerging threats, whether from the outside or the inside. This report describes how security and risk professionals (S&R pros) can apply risk concepts across the entire IAM process portfolio and use behavior-based trending methods to reduce security exposure, ease the burden of IAM policy management, and improve the user experience.