Access rights to information and other associated assets should be provisioned, reviewed, modified, and removed in accordance with the organisation’s topic-specific policy and rules for access control.
This control is part of the Access Control Policy and emphasises the provisioning, reviewing, modifying, and removing of a user’s access rights to the system.
While provisioning access rights to critical information seems to be the first step of a user entering the system, it is recommended to review, modify, and, if necessary, delete the user’s access rights in the long run. A common mistake is that organisations do not review and modify users’ access rights, or forget to, which lays the ground for numerous information security incidents. For instance, a disgruntled employee who has been moved from a higher position to a lower one could use the escalated access rights they still hold to damage the critical information they have access to. Similarly, an attacker might target the organisation’s sensitive information through a person who holds a lower position but escalated access rights. Therefore, the provisioning, reviewing, modifying, and deleting of access rights within the access control policy is an important aspect for the organisation.
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!