Logging and tracking access

Monitoring identity status

As user s work in the organization, their roles change and so also do their needs to access services. Examples of changes include:

• Job changes. In this case the user will possibly need access to different or additional services.
• Promotions or demotions. The user will probably use the same set of services, but will need access to different levels of functionality or data.
• Transfers. In this situation, the user may need access to exactly the same set of services, but in a different region with different working practice s and different sets of data.
• Resignation or death. Access needs to be completely removed to prevent the username being used as a security loophole.
• Retirement. In many organizations, an employee who retires may still have access to a limited set of services, including benefits system s or systems that allow them to purchase company products at a reduced rate.
• Disciplinary action. In some cases the organization will require a temporary restriction to prevent the user from accessing some or all of the services that they would normally have access to. There should be a feature in the process and tools to do this, rather than having to delete and reinstate the user’s access rights.
• Dismissals. Where an employee or contractor is dismissed, or where legal action is taken against a customer (for example for defaulting on payment for products purchased on the Internet), access should be revoked immediately. In addition, Access Management, working together with Information Security Management, should take active measures to prevent and detect malicious action against the organization from that user.

Access Management should understand and document the typical User Lifecycle for each type of user and use it to automate the process. Access Management tools should provide features that enable a user to be moved from one state to another, or from one group to another, easily and with an audit trail.

Access Management should not only respond to requests. It is also responsible for ensuring that the rights that they have provided are being properly used.

In this respect, Access Monitoring and Control must be included in the monitoring activities of all Technical and Application Management function s and all Service Operation processes.

Exceptions should be handled by Incident Management, possibly using Incident Model s specifically designed to deal with abuse of access rights. It should be noted that the visibility of such actions should be restricted. Making this information available to all who have access to the Incident Management system will expose vulnerabilities.

Information Security Management plays a vital role in detecting unauthorized access and comparing it with the rights that were provided by Access Management. This will require Access Management involvement in defining the parameters for use in Intrusion Detection tools.

Access Management may also be required to provide a record of access for specific Services during forensic investigations. If a user is suspected of breaches of policy, inappropriate use of resource s, or fraudulent use of data, Access Management may be required to provide evidence of dates, times and even content of that user’s access to specific Services. This is normally provided by the Operational staff of that service, but working as part of the Access Management process.

Дата добавления: 2014-12-23; Просмотров: 444; Нарушение авторских прав?; Мы поможем в написании вашей работы!