Access Control

Welcome to the Access Control topic!

Collaborate, contribute, consume and create knowledge around role- or responsibility-based access, Active Directory, LDAP, administrator/privileged access, and other access topics.

This Topic Has:
793 Members
1 Online
11305 Visits

Discussions: 59 total

Do you conduct regular reviews of accounts with privileged access in your non-production environment? If so, how frequently is this done?
Barbara664 | 7/5/2018 1:19:19 PM | COMMENTS(5)
How do you keep track of all users in your company? Do you have any tool (database) to inventory all users in all systems? Can you suggest one to me?
Enkli78 | 4/25/2018 7:37:29 AM | COMMENTS(1)
1. If non-clerical staff are able to access or view customer information, what impact will that bring? 2. The system owner has approved the non-clerical users' access rights and allows them to view or access the customer information; what impact will that bring?
Chee Yew233 | 3/12/2018 1:43:40 PM | COMMENTS(4)
I want to know whether user concurrent sessions must be 1 or can be more than that. Currently my company's setting is 20, but the auditor claims that is a lot.
Chee Yew233 | 12/28/2017 7:20:45 AM | COMMENTS(5)
Has anyone done an Audit of a SELinux Policy? I would be looking for programs that ensure that all aspects are included in the audit.
Christoph N. | 8/12/2017 11:19:01 AM | COMMENTS(0)
To review or not to review administrator account activities at application layer: Dear All, I am a Risk and Control officer. I have had a discussion with the Information Security Officer regarding privileged account management lately. I hope I...
Prometheus Yang | 7/26/2017 8:49:15 PM | COMMENTS(5)

Documents & Publications: 6 total

Posted by ISACA 910 days ago
Posted by ISACA 1599 days ago
In the modern connected world, trust is an important requirement. End-to-end trust involving identity, conditions of trust, policy and actions to be taken, such as enabling or preventing access, needs to be defined more clearly, and mechanisms need to be created to facilitate access. This ISSA Working Group paper outlines basic thinking about end-to-end trust and the Adaptive Access Framework.
Posted by Ron Hale Ph.D. CISM 2075 days ago
Posted by ISACA 2261 days ago

Events & Online Learning: 0 total

No Results Found

Journal Articles: 24 total

Volume 3, 2018
by Alex Quiles, CISA
The use of Windows accounts to authorize users to applications introduces risk that an auditor should evaluate.
Volume 2, 2018
by Vincent J. Schira, CISA, CIPT, CISSP, CPA, PCI-ISA
Over the last couple of decades, access control technologies and system advances have necessitated rethinking how access certifications are used as a control and at what frequency.
Volume 6, 2017
by Dan Blum, CISSP
Digital identity has the power to propel your enterprise forward…or it can cause you to crash and burn. How you govern and manage it will make all the difference.
Volume 3, 2017
by Kurt Kincaid, CISA, Lean Six Sigma Green Belt
What follows is a discussion of the nature of HTTPS, how it should be configured, and how to remotely assess that configuration for oneself, rather than relying on verbal or written attestation from server or application administrators.
Volume 2, 2017
by Kathleen Martin, CISA, CRISC
Owners of critical business data need to ensure that all application and database user entitlements and privileges are recertified on a periodic basis to make sure that only authorized individuals have access to the enterprise’s data.
Volume 1, 2017
by Richard Hoesl, CISSP, SCF, Martin Metz, CISA, Joachim Dold and Stefan Hartung
The average total cost of a data breach is about US $4 million, whereas the average cost for a stolen record increased slightly from US $154 in 2015 to US $158 in 2016.

Wikis: 2 total

Blog Posts: 8 total

Have you experienced a ransomware attack so far and, if yes, what did you do to resolve it? I set up a Twitter poll here: It lasts for seven days. Thank you for taking part in the poll.
Posted By : Dragan Pleskonjic | 5 comments
Information security and privacy is a hot issue at the present time. The number of security breaches is rapidly increasing. In case of late detection, costs of breaches are skyrocketing. At the same time, Artificial Intelligence (AI) and Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance now is wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments
A recent publication in a local newspaper indicated that an employee was charged with fraud with regard to claims of insurance payments that were lodged with the company and were paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments
We have already seen that OS/400 passwords are controlled using system values ( To refresh: QPWDEXPITV - The number of days for which a password is valid. QPWDMAXLEN - The maximum num...
Posted By : Ian Cooke | 0 comments