Access Control

Welcome to the Access Control topic!

Collaborate, contribute, consume and create knowledge around role- or responsibility-based access, Active Directory, LDAP, administrator/privileged access, and other access topics.

Discussions: 49 total

Recently I pulled a list of service accounts. As I tried to identify who knows how the accounts are being used, I received a couple of answers back that the account is not needed anymore. Some have passwords hard-coded but some can be changed. Now the question is ...
Audry847 | 3/17/2017 1:38:14 PM | COMMENTS(3)
What are the first steps that should be taken when a fraud case is detected?
Tarek EL-Sherif | 3/17/2017 4:18:38 AM | COMMENTS(0)
We are trying to streamline the periodic access review process for the financially significant/sensitive applications across the company. I wanted to get some examples of how this process is handled. Some questions are: Example of Segregation of duties matr...
Hiral791 | 3/16/2017 9:11:10 PM | COMMENTS(1)
To review or not to review administrator account activities at application layer. Dear All, I am a Risk and Control officer. I have had a discussion with the Information Security Officer regarding privileged account management lately. I hope I...
Prometheus Yang | 3/8/2017 10:15:32 AM | COMMENTS(4)
Google released a blog post today on a practical technique to generate a SHA1 collision, in other words a practical attack against the SHA1 algorithm. If you are using SHA1 algorithms, it might be a good time to migrate. https://security.googleblog.com/2017/0...
Kenneth687 | 2/24/2017 3:29:29 AM | COMMENTS(1)
Question for the community…The following extract pertaining to Insider Threat is in the latest 2016 ENISA Threat Landscape Report. “In particular, the top five identified insider incidents / actions are: privilege abuse (ca. 60%), data mishandling (ca. 13...
Ray478 | 2/22/2017 9:50:11 AM | COMMENTS(1)

Documents & Publications: 6 total

Books
Posted by ISACA 432 days ago
Books
Posted by ISACA 1121 days ago
In the modern connected world, trust is an important requirement. End-to-end trust involving identity, conditions of trust, policy and actions to be taken, such as enabling or preventing access, needs to be defined more clearly, and mechanisms need to be created to facilitate access. This ISSA Working Group paper outlines basic thinking about end-to-end trust and the Adaptive Access Framework.
Posted by Ron Hale Ph.D. CISM 1597 days ago
Books
Posted by ISACA 1783 days ago

Journal Articles: 19 total

Volume 1, 2017
by Richard Hoesl, CISSP, SCF, Martin Metz, CISA, Joachim Dold and Stefan Hartung
The average total cost of a data breach is about US $4 million, whereas the average cost for a stolen record increased slightly from US $154 in 2015 to US $158 in 2016.
Volume 4, 2016
by Vincent Kha, CISM, GPEN, MCTS, OWSP
For many information systems auditors, reviewing domain accounts in an Active Directory (AD) environment is sufficient for testing controls around user authentication.
Volume 4, 2016
by Debbie Newman, CISA
Get to know your network.
Volume 4, 2016
by Trevor J. Dildy, CCNA
Network access control (NAC) is the technique for network management and security that enforces policy, compliance and management of access control to a network.
Volume 1, 2016
by Mark Johnston
In July 2015, CVS became the latest company to fall victim to an apparent breach, this one involving credit card data obtained via its web site for ordering and processing photos.
Volume 5, 2015
by Chris Sullivan
Hackers frequently try to get inside networks using co-opted access credentials. Yet most IT departments still review access privileges only quarterly or semiannually.

Wikis: 2 total

Blog Posts: 6 total

Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance is now wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments
A recent publication in a local newspaper indicated that an employee was charged with fraud with regard to claims of insurance payments that were lodged with the company and were paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments
We have already seen that OS/400 passwords are controlled using system values (http://www.isaca.org/Blogs/273340/Lists/Posts/ViewPost.aspx?ID=18). To refresh: QPWDEXPITV - The number of days for which a password is valid. QPWDMAXLEN - The maximum num...
Posted By : Ian Cooke | 0 comments
As with configurations, the company you are auditing should have a policy on password controls. We have previously discussed that SQL Server allows two methods of authenticating to the database – Mixed Mode and Windows Authentication (see http://www.isa...
Posted By : Ian Cooke | 0 comments
Traditionally, each software application is developed to maintain and manage the identity and the related permission information within it. As more and more such applications get deployed, user provisioning and managing access control could soon be a nig...
Posted By : Kannan | 0 comments