Information Risk Management Case Study: User Access Review
Source: Information Risk Management
In large multi-user environments it is often difficult to establish exactly who has access to data, systems or applications. Historical user accounts and group memberships along with various generations of internal architectures further complicate matters. Through a User Access Review engagement IRM identifies user access models throughout the corporate environment. Such reviews can be tailored to meet specific internal or external compliance requirements. IRM has built custom tools such as PRESQL to help organisations graphically view the role and privileges of users across resources; this has proved invaluable with respect to identifying excessive or redundant accounts and roles, which can then be removed to minimise the potential for unauthorised access.