User access management

Objective: To ensure authorised user access and to prevent unauthorised access to information systems. There should be formal procedures to control allocation of access rights to information systems and services.

User registration

There should be a formal user registration and de-registration procedure for granting access to all multi-user information systems and services.

Privilege management

The allocation and use of special privileges (any feature that allows the user to override system or application controls) should be restricted and controlled.

User password management

The allocation of user passwords should be securely controlled through a formal management process.

Review of user access rights

User access rights should be reviewed at regular intervals to ensure that they meet business needs.

The Security Practitioner An Introduction to Information Security