A project co-funded by EU FP6 programme
Account policies and procedures have to be defined. Enforcement ensures that they are followed and automation can help. A security policy has limited effect if it is not enforced.
International collaboration in scientific projects makes it necessary to create user accounts for remote users. Policies and procedures have to regulate what has to be done and checked before an account is opened, and what has to be done when the collaboration ends. Sometimes user accounts remain open "forever" because the end of a project is not announced to the account management. A policy may state, for example, that three months after the end of the collaboration the account and all access rights have to be closed and removed. Procedures can define that end dates are required. Thanks to database integration and central account management, this policy can be automatically enforced.
Method 1: Implement strengthened account procedures for creation, deletion and block actions.
This procedure is closely tied to the Human resources database. When a person's affiliation with the organization ends, the account maintenance procedure has to be started. Unused accounts are blocked. This reduces exposure to attackers by cleaning up unused resources.
Method 2: Close accounts that do not conform to the strengthened policies
When new, stronger policies are introduced, accounts that do not match them need to be closed. A database-driven application is a good way to implement this.
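The following added example (not part of the original page or of any project tooling) shows how a database-driven job could enforce the rules described above: block an account when the affiliation or collaboration has ended, close it three months after the end date, and close accounts that have no end date. The table and column names (hr, accounts, affiliated, end_date, status) and the sample rows are assumptions made for illustration; an account without an HR record is treated as unaffiliated.

```python
import calendar
import sqlite3
from datetime import date

GRACE_MONTHS = 3  # the page's example policy: close three months after the end date

def add_months(d, months):
    """Shift a date by whole months, clamping to the last day of the target month."""
    y, m = divmod(d.year * 12 + d.month - 1 + months, 12)
    return date(y, m + 1, min(d.day, calendar.monthrange(y, m + 1)[1]))

def decide(end_date, affiliated, today):
    """Return the status the policy requires: 'closed', 'blocked' or 'active'."""
    if end_date is None:                 # Method 2: end dates are required
        return "closed"
    end = date.fromisoformat(end_date)
    if today >= add_months(end, GRACE_MONTHS):
        return "closed"                  # grace period over: remove account and rights
    if today > end or not affiliated:    # Method 1: affiliation ended, block at once
        return "blocked"
    return "active"

def enforce(conn, today):
    """Apply the policy to all accounts not yet closed; return {login: new status}."""
    rows = conn.execute(
        "SELECT a.login, a.end_date, COALESCE(h.affiliated, 0) FROM accounts a "
        "LEFT JOIN hr h ON h.person_id = a.person_id WHERE a.status != 'closed'").fetchall()
    actions = {login: decide(end, bool(aff), today) for login, end, aff in rows}
    conn.executemany("UPDATE accounts SET status = ? WHERE login = ?",
                     [(a, login) for login, a in actions.items() if a != "active"])
    conn.commit()
    return actions

def demo():
    """Constructed sample data, evaluated on a fixed date so the result is reproducible."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE hr (person_id INTEGER PRIMARY KEY, affiliated INTEGER);
        CREATE TABLE accounts (login TEXT PRIMARY KEY, person_id INTEGER,
                               end_date TEXT, status TEXT DEFAULT 'active');
        INSERT INTO hr VALUES (1, 1), (2, 1), (3, 0), (4, 1);
        INSERT INTO accounts (login, person_id, end_date) VALUES
            ('alice', 1, '2025-12-31'),  -- collaboration still running
            ('bob',   2, '2025-01-31'),  -- ended more than three months ago
            ('carol', 3, '2025-12-31'),  -- HR reports the affiliation ended
            ('dave',  4, NULL),          -- no end date recorded
            ('erin',  4, '2025-05-15');  -- ended, still inside the grace period
    """)
    return enforce(conn, date(2025, 6, 1)), conn
```

Run periodically from the central account management system, the job never reactivates a blocked account on its own; reopening stays a manual step.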
Relevant ISS audit questions:
User, Account, Management, Policy, Developer, Administrator
Copyright (c) Members of the