What are the best practices every Information Security Access Control Policy should include? We are reviewing and updating our Enterprise wide Information Security Access Control Policy.

1.5k views33 Upvotes2 Comments

Sort by:

Engineering Manager in Software2 years ago

Least Privilege: Grant minimal access needed for job roles, only what is necessary.

User Access Management: Control user onboarding, modification, and removal.

Strong Authentication: Enforce strong authentication methods like MFA. you can also leverage tools like Okta.

Password Management: Set guidelines for secure passwords. Revoke old passwords often.

Access Control for Systems: Implement user roles and permissions.

Account Monitoring and Logging: Log user access and system events.

Head of ISG in Finance (non-banking)2 years ago

When reviewing and updating your enterprise-wide Information Security Access Control Policy, it is important to consider the following best practices

·        Principle of Least Privilege.

·        Role-Based Access Control (RBAC

·        User Authentication

·        Access Reviews and Auditing.

·        Access Control for Remote Access

·        Separation of Duties

·        Access Control for Third-Party Users

·        Password Management

·        Access Control for Data

·        Regular Policy Review and Updates

Remember that these best practices serve as general guidelines, and you should tailor them to fit the specific needs and requirements of your organization. It is also recommended to consult with security professionals or seek legal advice to ensure compliance with relevant laws and regulations.

Content you might like

Looking for a replacement / upgrade to SolarWinds Orion. Its main purpose would be network and telecom monitoring. Prefer something with Ai and NetFlow capabilities. Does anyone have any suggestions or experiences to share?

I am looking for an EDI parser which is a light weight, SaaS and can be run as serverless (recommended) to perform EDI transaction (834, 837 etc) HIPAA validation.
So far, I could find Edifecs, ediFabric, Stedi and IBM ITX in the market. Can anyone provide their experience or recommendation on different tools on the market that we should evaluate?

Do you plan to buy cyber insurance in the next year?

Yes42%

No, we don't have plans to37%

No, we already have cyber insurance19%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Is your organization changing its approach to any ongoing application modernization projects as a way to reduce risk?

Yes, we’re pausing 12%

Yes, we’re scaling back40%

Yes, we’re scaling up24%

No, we’re not changing our approach24%

N/A, we have no current projects

View Results

What are the best practices every Information Security Access Control Policy should include? We are reviewing and updating our Enterprise wide Information Security Access Control Policy.

Sort by:

Content you might like

Looking for a replacement / upgrade to SolarWinds Orion. Its main purpose would be network and telecom monitoring. Prefer something with Ai and NetFlow capabilities. Does anyone have any suggestions or experiences to share?

Do you plan to buy cyber insurance in the next year?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Is your organization changing its approach to any ongoing application modernization projects as a way to reduce risk?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

DevSecOps: Strategies, Organizational Benefits and Challenges

Green Cloud Computing

Omnicloud: The Future of Cloud Computing?

Generative AI and Software Engineering Teams: Adoption and Training

Take Your Insights On-the-Go