A business unit manager, data owner or system owner should indicate whether a specific user is assigned certain...
rights to files, applications and network resources. It is best if individual business unit managers (manager of HR, manager of the accounting department, manager of R&D, etc.) are assigned to the data owner roles. This means they are responsible for classifying the data they own. So when Sally, a new HR employee, needs a network account set up, a request is sent to the HR manager. Once the HR manager approves this access, a request is sent to the data custodian (usually the IT group) with information on the type of account Sally needs and the type of access it requires.
For internal auditing purposes, user accounts on different network systems should be compared to what is in the centralized system. This keeps track of who has approval for specific access types, ensures that there are no orphaned accounts and verifies that users are only receiving the access rights required for their jobs. In my opinion, it is best to implement this procedure every 3-6 months. Please note that this is usually only done on the mission-critical systems; however, through automated tools, it can be done on all systems.
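The comparison described above can be automated along these lines. This is an added example, not part of the original answer; the CSV layouts, system names and account names are constructed for illustration, and "orphaned" is taken here to mean an account with no approval on record for that system.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: export from the centralized approval system.
APPROVALS_CSV = """user,system,right
sally,hr-db,read
sally,hr-db,write
sally,fileserver,read
raj,hr-db,read
"""

# Constructed sample: accounts and rights as found on each system.
ACCOUNTS_CSV = """system,account,right
hr-db,sally,read
hr-db,sally,write
hr-db,raj,read
hr-db,raj,admin
hr-db,tmp_contractor,read
fileserver,sally,read
fileserver,sally,write
"""

def load(text, user_col):
    """Group rights by (system, user) from a CSV export."""
    rights = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        rights[(row["system"], row[user_col])].add(row["right"])
    return rights

def reconcile(approvals_csv, accounts_csv):
    """Return sorted (finding, system, account, rights) tuples."""
    approved = load(approvals_csv, "user")
    actual = load(accounts_csv, "account")
    findings = []
    for (system, account), rights in actual.items():
        allowed = approved.get((system, account))
        if allowed is None:
            # No approval on record for this account on this system.
            findings.append(("orphaned", system, account, tuple(sorted(rights))))
        elif rights - allowed:
            # Account holds rights the data owner never approved.
            findings.append(("excess", system, account, tuple(sorted(rights - allowed))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(APPROVALS_CSV, ACCOUNTS_CSV):
        print(*finding)
```

Each finding would go back to the relevant data owner for a decision: approve the access after the fact, or have the data custodian remove it.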