Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Making user access policies work for you

SOX Watch By Michael Kamens , Network World , 03/23/2007
  • Share/Email
  • Tweet This
  • Comment
  • Print

Regardless of a company's size, how it manages employee turnover, staff mobility, and increased use of consultants and contractors are causes for concern by auditors in terms of how user access rights are handled. Despite overburdened IT and human resources departments, companies need to ensure controls are in place to keep their networks secure from current employees, as well as terminated ones.

Whether it's for a Sarbanes-Oxley Act audit or an IT risk assessment, determining access to a corporate network containing digital assets and intellectual property should be a high priority. More often than not, however, user access gets the attention it needs only after a breach or act of fraud. By implementing some solid user access policies and procedures, companies can minimize their exposure to security breaches.

Auditors should start by asking corporate managers to produce lists of current employees, employees terminated since the start of the year and users who have been denied access; policies and procedures that govern the granting of user access and file-sharing privileges; and the process for granting new access rights when employees move to different positions. They also need to know what review process is in place to verify that each user needs his or her current privileges, as well as the company's termination procedure.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed