Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.
system access rights policy?
- o_moomoo77
-
Topic Author
- Offline
- Senior Member
-
- Posts: 57
- Thank you received: 0
we manage quite a number of system access rights in my company, should i develop a policy to track all these?
Please Log in or Create an account to join the conversation.
- o_Kenneth Lee
-
- Offline
- New Member
-
- Posts: 15
- Thank you received: 0
Hi moomoo
I'm not sure if I understand you fully. Do you mean to standardise the way the access rights mechanisms are done? If so, you need a policy. But if you are talking about implementation or tracking, policies don't do that. That is more of the standards, procedures, processes etc.
Policies can help?ΓΏ(e.g. stating that all users must be authenticated, logs must be kept for what type of activities and for how long etc). You can think of policies as the company's decisions on the issue, but the actual implementation (e.g. what type of formats should the logs be etc) are details that policies generally don't take care of.
Please Log in or Create an account to join the conversation.
- o_moomoo77
-
Topic Author
- Offline
- Senior Member
-
- Posts: 57
- Thank you received: 0
was actually wanting to develop a SOP to document down all the various system access rights across all systems. u r right, we want to standardise the way access rights mechanism are managed. but not sure if i'm in the right direction?
Please Log in or Create an account to join the conversation.