Page 1258 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

following them, and that these processes and procedures are working as expected.

For example, access to highly valuable data should be restricted to only the users who need it. An access review audit will verify that data has been classified and that data classifications are clear to the users. Additionally, it will ensure that anyone who has the authority to grant access to data understands what makes a user eligible for the access. For example, if a help desk professional can grant access to highly classified data, the help desk professional needs to know what makes a user eligible for that level of access.

When examining account management practices, an access review audit will ensure that accounts are disabled and deleted in accordance with best practices and security policies. For example, accounts should be disabled as soon as possible when an employee is terminated, ideally before the employee has a chance to use them again. A typical termination procedure includes the following elements:

- At least one witness is present during the exit interview.
- Account access is disabled during the interview.
- Employee identification badges and other physical credentials such as smartcards are collected during or immediately after the interview.
- The employee is escorted off the premises immediately after the interview.

The access review verifies that a policy exists and that personnel are following it. When terminated employees retain access to the network after an exit interview, they can easily cause damage. For example, an administrator can create a separate administrator account in advance and use it to access the network even after the administrator's original account is disabled. For this reason, the review should not stop at the departing user's own accounts; it should also look for accounts the user created or was granted shortly before departure, and for privileged accounts with no accountable owner.
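Added example (not from the study guide): a small Python access review check that compares a constructed HR termination export against a constructed directory dump. It flags accounts that are still enabled or were used after the exit interview, privileged accounts with no recorded owner, and, covering the rogue-administrator scenario above, accounts provisioned by a departing user shortly before their termination. All usernames, employee IDs, field names and dates are made up for the example.

```python
"""Access review audit: terminated employees versus directory accounts.

Added example, not from the study guide. The HR export, the directory dump
and every field name below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Account:
    username: str
    owner: str                  # employee ID; "" means no recorded owner
    enabled: bool
    privileged: bool
    created_by: str             # username that provisioned this account
    created_at: datetime
    last_logon: Optional[datetime]


# Constructed HR export: employee ID -> time the exit interview ended
TERMINATIONS: Dict[str, datetime] = {
    "E1001": datetime(2024, 3, 15, 14, 0),
    "E1002": datetime(2024, 3, 20, 11, 30),
}

# Constructed directory dump
ACCOUNTS: List[Account] = [
    Account("jsmith", "E1001", enabled=False, privileged=True,
            created_by="provisioning", created_at=datetime(2019, 1, 2),
            last_logon=datetime(2024, 3, 15, 13, 55)),
    # Admin account created by jsmith the night before the exit interview
    Account("svc-backup2", "", enabled=True, privileged=True,
            created_by="jsmith", created_at=datetime(2024, 3, 14, 22, 10),
            last_logon=datetime(2024, 3, 16, 2, 3)),
    # Terminated but never disabled, and used after the exit interview
    Account("mjones", "E1002", enabled=True, privileged=False,
            created_by="provisioning", created_at=datetime(2020, 5, 4),
            last_logon=datetime(2024, 3, 21, 9, 0)),
    # Current employee, nothing to report
    Account("alee", "E1003", enabled=True, privileged=False,
            created_by="provisioning", created_at=datetime(2021, 8, 9),
            last_logon=datetime(2024, 3, 22, 8, 15)),
]

Finding = Tuple[str, str, str]   # (finding code, username, detail)


def audit_terminations(terminations: Dict[str, datetime],
                       accounts: List[Account],
                       lookback: timedelta = timedelta(days=30)) -> List[Finding]:
    """Return the findings an access reviewer would raise against the termination policy."""
    # Usernames belonging to terminated employees, with their termination time
    term_by_user: Dict[str, datetime] = {
        a.username: terminations[a.owner] for a in accounts if a.owner in terminations
    }
    findings: List[Finding] = []
    for a in accounts:
        term = terminations.get(a.owner)
        if term is not None:
            if a.enabled:
                findings.append(("ENABLED_AFTER_TERMINATION", a.username,
                                 f"owner {a.owner} terminated {term:%Y-%m-%d %H:%M}"))
            if a.last_logon is not None and a.last_logon > term:
                findings.append(("LOGON_AFTER_TERMINATION", a.username,
                                 f"last logon {a.last_logon:%Y-%m-%d %H:%M} is after termination"))
        # The scenario from the text: a departing admin provisions a second account
        # within `lookback` of their own termination and it is still enabled.
        creator_term = term_by_user.get(a.created_by)
        if (a.enabled and creator_term is not None
                and a.created_at >= creator_term - lookback):
            findings.append(("CREATED_BY_DEPARTING_USER", a.username,
                             f"created by {a.created_by} on {a.created_at:%Y-%m-%d}, "
                             f"{(creator_term - a.created_at).days} day(s) before their termination"))
        # A privileged account with no accountable owner cannot be tied to any HR event.
        if a.privileged and a.enabled and not a.owner:
            findings.append(("UNOWNED_PRIVILEGED_ACCOUNT", a.username,
                             "no employee ID recorded; cannot be reviewed against HR data"))
    return findings


if __name__ == "__main__":
    for code, user, detail in audit_terminations(TERMINATIONS, ACCOUNTS):
        print(f"{code:28} {user:14} {detail}")
```

The `lookback` window is the only tunable: a shorter window misses accounts staged well in advance, a longer one produces more benign hits from an administrator's normal provisioning work, so in practice the creator check is usually run against the full tenure of any departing privileged user and the hits reviewed by hand.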


User Entitlement Audits

User entitlement refers to the privileges granted to users. Users need rights and permissions (privileges) to perform their job, but they only need a limited number of privileges. In the context of user entitlement, the principle of least privilege ensures that users have only the