
 Training and Dissemination web site


Integrated Site Security for Grids

A project co-funded by EU FP6 programme

Threat:

Faulty access rights management Ref.: T1


What might happen:


Access rights are not consistent with authorisation policy.

Examples:

A Unix/Linux developer has root access to his development server.
  • Lack of dedicated/trained Unix/Linux administrators

A general user has administrative privileges on a Windows host.
  • Lack of dedicated/trained Windows administrators

An external user (contractor, guest user, etc.) has access to Internet applications.
  • Lack of access rights management tools and/or processes

Recommendations:

R2, R12, R25, R31, R32, R35, R36, R37, R41, R43, R45, R48, R49, R55, R58, R59, R62

ISSeG Audit Questions:

Please see the ISSeG Risk Assessment questionnaire

Threat group of family:

Compromising    Human    Failure    Environment     Aggression

   
Copyright (c) Members of the
ISSeG Collaboration
2008

This is version 5.2 of the website.

This page was last modified on 28 May 2008 09:13:34 +0200.