Entitlement Review / User Access Review 2586



  • Hello all,
    I wanted to inquire with you all to see if you have any links to any resources where I can find specific ‘best practices’ guidance with regard to conducting user access reviews. I am specifically looking for support that I will use in a management memo that I am going to write to support how our company needs to improve our user access review process.
    Thanks.
    Regards,
    Jason



  • Hi Jason and welcome 🙂
    The COBIT standards might be worthwhile to download and review
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=1920
    This may also provide some links
    http-and-#58;//www.google.com/search?hl=en-and-q=user access review
    http-and-#58;//www.google.com/search?hl=en-and-q=user access review best practices
    Some general tips based on past experience:
    – Ensure groups/permissions well documented by IT security
    – Ensure permissions have blessings of system owners (with approvals on file - electronically in sharepoint, email, change mgt system, etc)
    – Look for a minimalistic security approach on sensitive applications (like finance) where users have just enough rights to do job
    – Look for proper approval/autonomy levels in the workflow, permissions, and control structures
    – Use good tools like Bindview, KSA, or other advanced security tools to map our access rights electronically


Log in to reply