Entitlement Review / User Access Review 2586
-
Hello all,
I wanted to inquire with you all to see if you have any links to any resources where I can find specific ‘best practices’ guidance with regard to conducting user access reviews. I am specifically looking for support that I will use in a management memo that I am going to write to support how our company needs to improve our user access review process.
Thanks.
Regards,
Jason
-
Hi Jason and welcome
The COBIT standards might be worthwhile to download and review
http://www.sarbanes-oxley-forum.com/modules.php?name=Forums&file=viewtopic&t=1920
This may also provide some links
http://www.google.com/search?hl=en&q=user access review
http://www.google.com/search?hl=en&q=user access review best practices
Some general tips based on past experience:
– Ensure groups/permissions are well documented by IT security
– Ensure permissions have the blessings of system owners (with approvals on file - electronically in SharePoint, email, change mgt system, etc)
– Look for a minimalistic security approach on sensitive applications (like finance) where users have just enough rights to do their job
– Look for proper approval/autonomy levels in the workflow, permissions, and control structures
– Use good tools like Bindview, KSA, or other advanced security tools to map our access rights electronically
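
One way to automate the checks in the tips above (approvals on file from system owners, approval/autonomy levels), as an added example that is not part of the original posts. The CSV layouts, the owner register, the conflict list and all sample rows are constructed assumptions, not the output of any tool named in the thread:

```python
import csv
import io

# Constructed sample exports: who holds what, and which grants have an approval on file.
ENTITLEMENTS = """user,application,permission
alice,finance,post_journal
alice,finance,approve_journal
bob,finance,view_reports
carol,finance,post_journal
dave,hr,edit_payroll
"""
APPROVALS = """user,application,permission,approved_by
alice,finance,post_journal,cfo
bob,finance,view_reports,cfo
carol,finance,post_journal,carol
"""
# Hypothetical register of system owners, one per application.
SYSTEM_OWNERS = {"finance": "cfo", "hr": "hr_director"}
# Hypothetical permission pairs one user should not hold together.
CONFLICTS = {"finance": [("post_journal", "approve_journal")]}

def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def review(entitlements, approvals):
    """Return (user, application, permission, finding) tuples for a reviewer."""
    approved = {(a["user"], a["application"], a["permission"]): a["approved_by"]
                for a in approvals}
    findings, held = [], {}
    for e in entitlements:
        key = (e["user"], e["application"], e["permission"])
        held.setdefault(key[:2], set()).add(key[2])
        approver = approved.get(key)
        if approver is None:
            findings.append((*key, "no approval on file"))
        elif approver != SYSTEM_OWNERS.get(e["application"]):
            findings.append((*key, "not approved by system owner"))
    # Approval/autonomy check: flag users holding both halves of a conflicting pair.
    for (user, app), perms in held.items():
        for first, second in CONFLICTS.get(app, []):
            if first in perms and second in perms:
                findings.append((user, app, f"{first}+{second}", "conflicting permissions"))
    return findings

if __name__ == "__main__":
    for finding in review(load(ENTITLEMENTS), load(APPROVALS)):
        print(" | ".join(finding))
```
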