An Introduction To
Objective: To ensure authorised user access and to prevent unauthorised access to information systems.
There should be formal procedures to control allocation of access rights to information systems and services.
There should be a formal user registration and de-registration procedure for granting access to all multi-user information systems and services.
The allocation and use of special privileges (any feature that allows the user to override system or application controls) should be restricted and controlled.
User password management
The allocation of user passwords should be securely controlled through a formal management process.
Review of user access rights
User access rights should be reviewed at regular intervals to ensure that they meet business needs.
The Security Practitioner
An Introduction to Information Security