TrackBack

Listed below are links to weblogs that reference What Happens When You Don't Use SoD:

Comments

Altonius_au

Hi Gunnar,

I'm interested in your thoughts on priv user access reviews vs priv user monitoring. In my experience most auditors unceremoniously bunch these two control types into the same bucket without considering the differences.

In my mind reducing root/admin type privileges to no-one and having an appropriate authorisation and escalation process is really beneficial (normally tied to a change control record or incident ticket).

Beyond that then having some type of session recording / key logging mechanism is really helpful. I see this recording as slightly preventative, as admins are less likely to do dodgy stuff, especially if logs are being sent off-server. The recording can also be a detective control looking for particular commands that aren't usually needed.

What I'm looking for is whether you're seeing many orgs perform this level of review or whether they're just using an IAM governance tool to periodically review who has access at a set point in time?

Altonius
Https://altonblom.com
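The detective control the comment describes (reviewing privileged-session recordings for commands that aren't usually needed and for work done without a change or incident ticket), as an added example that is not part of the original post or its author's work. It assumes a hypothetical recording format of `<timestamp> user=<u> ticket=<id|none> cmd=<command>` and a constructed allowlist of routine commands; the sample lines are constructed, not real recordings.

```python
"""Privileged-session log review: a detective control over constructed sample lines.

Added example, not code from the original post or its author. Assumes a
hypothetical session-recording format: '<ts> user=<u> ticket=<id|none> cmd=<command>'.
Flags (1) commands outside the set an admin normally needs and
(2) privileged sessions with no change-control or incident ticket attached.
"""
import re
from typing import Dict, List

# Constructed sample lines (not real recordings).
SAMPLE_LOG = """\
2024-03-01T10:02:11Z user=alice ticket=CHG-1042 cmd=systemctl restart nginx
2024-03-01T10:05:40Z user=alice ticket=CHG-1042 cmd=tail -n 200 /var/log/nginx/error.log
2024-03-01T23:14:02Z user=bob ticket=none cmd=useradd -m -G sudo svc_backup
2024-03-01T23:15:30Z user=bob ticket=none cmd=cat /etc/shadow
2024-03-02T08:00:00Z user=carol ticket=INC-77 cmd=journalctl -u sshd
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) ticket=(?P<ticket>\S+) cmd=(?P<cmd>.+)$")

# Commands an admin routinely needs here (assumed list); anything else is reviewed, not blocked.
EXPECTED_COMMANDS = {"systemctl", "tail", "journalctl", "grep", "less"}
# Ticket references accepted as authorisation (assumed CHG-/INC- naming).
TICKET_RE = re.compile(r"^(CHG|INC)-\d+$")


def parse_line(line: str) -> Dict[str, str]:
    """Split one recording line into its fields; reject lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return m.groupdict()


def review(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per line that needs a human look, with the reason(s)."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        reasons = []
        if rec["cmd"].split()[0] not in EXPECTED_COMMANDS:
            reasons.append("unusual command")
        if not TICKET_RE.match(rec["ticket"]):
            reasons.append("no change/incident ticket")
        if reasons:
            findings.append({**rec, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']}: {f['cmd']} -> {f['reason']}")
```

Run against the sample, only bob's two untagged, out-of-profile commands are surfaced; the ticketed routine work is left alone, which is the distinction between monitoring every keystroke and reviewing what actually needs a second look.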
