Access Control

Welcome to the Access Control topic!

Collaborate, contribute, consume and create knowledge around role- or responsibility-based access, Active Directory, LDAP, administrator/privileged access, and other access topics.

Discussions: 56 total

Has anyone done an Audit of a SELinux Policy? I would be looking for programs that ensure that all aspects are included in the audit.
Christoph N. | 8/12/2017 11:19:01 AM | COMMENTS(0)
To review or not to review administrator account activities at application layer. Dear All, I am a Risk and Control officer. I have had a discussion with the Information Security Officer regarding privileged account management lately. I hope I...
Prometheus Yang | 7/26/2017 8:49:15 PM | COMMENTS(5)
I want to know whether the user concurrent session must be 1 or can be more than that? Currently my company's setting is 20 but the auditor claims that is a lot.
Chee Yew233 | 7/26/2017 8:17:33 PM | COMMENTS(0)
I am beginning planning for an audit of access controls at a state agency. Can someone provide examples of audit programs/ audit steps to perform?
jmax333 | 7/26/2017 2:49:48 PM | COMMENTS(1)
Does any company have an operational risk management working group? What is that?
Chee Yew233 | 6/28/2017 9:05:39 PM | COMMENTS(2)
Hello, Quick question but could be tricky. If management decided to have quarterly review of user access for Q1 of that year, what would be the appropriate time to perform quarterly access review based on SOX requirement? Should it be before the end o...
Henri-Adi | 6/27/2017 8:23:33 PM | COMMENTS(7)

Documents & Publications: 6 total

Books
Posted by ISACA 607 days ago
Books
Posted by ISACA 1295 days ago
In the modern connected world, trust is an important requirement. End-to-end trust involving identity, conditions of trust, policy and actions to be taken, such as enabling or preventing access, needs to be defined more clearly, and mechanisms need to be created to facilitate access. This ISSA Working Group paper outlines basic thinking about end-to-end trust and the Adaptive Access Framework.
Posted by Ron Hale Ph.D. CISM 1771 days ago
Books
Posted by ISACA 1957 days ago

Journal Articles: 21 total

Volume 3, 2017
by Kurt Kincaid, CISA, Lean Six Sigma Green Belt
What follows is a discussion of the nature of HTTPS, how it should be configured, and how to remotely assess that configuration for oneself, rather than relying on verbal or written attestation from server or application administrators.
Volume 2, 2017
by Kathleen Martin, CISA, CRISC
Owners of critical business data need to ensure that all application and database user entitlements and privileges are recertified on a periodic basis to make sure that only authorized individuals have access to the enterprise’s data.
Volume 1, 2017
by Richard Hoesl, CISSP, SCF, Martin Metz, CISA, Joachim Dold and Stefan Hartung
The average total cost of a data breach is about US $4 million, whereas the average cost for a stolen record increased slightly from US $154 in 2015 to US $158 in 2016.
Volume 4, 2016
by Debbie Newman, CISA
Get to know your network.
Volume 4, 2016
by Trevor J. Dildy, CCNA
Network access control (NAC) is the technique for network management and security that enforces policy, compliance and management of access control to a network.
Volume 4, 2016
by Vincent Kha, CISM, GPEN, MCTS, OWSP
For many information systems auditors, reviewing domain accounts in an Active Directory (AD) environment is sufficient for testing controls around user authentication.

Wikis: 2 total

Blog Posts: 6 total

Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance now is wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments
A recent publication in a local newspaper indicated that an employee was charged with fraud with regard to claims of insurance payments that were lodged with the company and paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments
We have already seen that OS/400 passwords are controlled using system values (http://www.isaca.org/Blogs/273340/Lists/Posts/ViewPost.aspx?ID=18). To refresh: QPWDEXPITV - The number of days for which a password is valid. QPWDMAXLEN - The maximum num...
Posted By : Ian Cooke | 0 comments
As with configurations, the company you are auditing should have a policy on password controls. We have previously discussed that SQL Server allows two methods of authenticating to the database – Mixed Mode and Windows Authentication (see http://www.isa...
Posted By : Ian Cooke | 0 comments
Traditionally, each software application is developed to maintain and manage the identity and the related permission information within it. As more and more such applications get deployed, user provisioning and managing access control could soon be a nig...
Posted By : Kannan | 0 comments