Organizations need to have controls in place for the management of accounts with privileged access.
Privileged access management is needed to reduce the likelihood of providing standard users with more access permissions than they require. Appropriate checks or validations for actions performed with privileged accounts should also be implemented to ensure authorized privileged account users are fulfilling their assigned roles in accordance with prescribed security control requirements. Privileged access management is the focus of pitfall #30 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
The allocation and use of privileges to the network, systems, or services must be restricted and controlled through a formal authorization process. Special attention should be given to the allocation of privileged access rights, which provide authorized users the capability to override system controls. The principle of least privilege must be followed, authorizing only access that is necessary for each individual user to accomplish their assigned tasks in accordance with your organization’s mission or business functions. Administrative, physical, and technical controls should be maintained to prevent users without administrative responsibilities from installing unauthorized software.
An authorization process, including a record of all allocated privileges, should be maintained and updated as privileges change. Privileges should be allocated to users on a need-to-use basis or on an event-by-event basis in line with the defined Access Control Policy. Role-based access controls should be implemented that map each user to one or more roles, and each role to one or more system functions.
Systems should be configured to generate a log entry and alert when an account is added to or removed from any group assigned administrative privileges. Systems should also be configured to generate a log entry and alert for unsuccessful logon attempts from administrative accounts.
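The alerting rule described above, as an added example that is not part of the original post. It assumes Windows Security events (IDs 4728/4732/4756 for group additions, 4729/4733/4757 for removals, 4625 for failed logons) already normalized to one JSON object per line; the field names, group list, and account names are hypothetical.

```python
import json

# Windows Security event IDs (assumption: the log source is Windows).
MEMBER_ADDED = {4728, 4732, 4756}    # global / local / universal group
MEMBER_REMOVED = {4729, 4733, 4757}
FAILED_LOGON = 4625

# Assumptions: site-specific names, kept in step with the privilege record.
ADMIN_GROUPS = {"domain admins", "enterprise admins", "administrators"}
ADMIN_ACCOUNTS = {"adm-jdoe", "administrator"}

# Constructed sample input: one normalized JSON event per line.
SAMPLE_LOG = """\
{"time":"2024-05-01T09:14:02Z","event_id":4728,"group":"Domain Admins","member":"jdoe","actor":"adm-jdoe"}
{"time":"2024-05-01T09:15:40Z","event_id":4732,"group":"HR-Readers","member":"asmith","actor":"adm-jdoe"}
{"time":"2024-05-01T09:20:11Z","event_id":4625,"target_user":"ADM-JDOE","source_ip":"192.0.2.10"}
{"time":"2024-05-01T09:20:30Z","event_id":4625,"target_user":"asmith","source_ip":"192.0.2.11"}
{"time":"2024-05-01T09:31:55Z","event_id":4733,"group":"Administrators","member":"jdoe","actor":"adm-jdoe"}
{"time":"2024-05-01T09:40:00Z","event_id":4624,"target_user":"adm-jdoe","source_ip":"192.0.2.10"}
"""

def detect(log_text):
    """Return one alert per event that the policy above says must alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        eid = ev.get("event_id")
        if eid in MEMBER_ADDED | MEMBER_REMOVED:
            # Only membership changes on administrative groups are alertable.
            if ev.get("group", "").lower() in ADMIN_GROUPS:
                kind = "admin_group_add" if eid in MEMBER_ADDED else "admin_group_remove"
                alerts.append({"kind": kind, "time": ev["time"],
                               "group": ev["group"],
                               "account": ev.get("member"),
                               "actor": ev.get("actor")})
        elif eid == FAILED_LOGON:
            # Account names are compared case-insensitively.
            if ev.get("target_user", "").lower() in ADMIN_ACCOUNTS:
                alerts.append({"kind": "admin_failed_logon", "time": ev["time"],
                               "account": ev["target_user"],
                               "source": ev.get("source_ip")})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Recording the actor alongside the changed account lets the alert be checked against the authorization record for that privilege change.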
Users of privileged accounts with access to elevated-permission functions must be required to use non-privileged accounts when accessing or performing non-privileged functions (e.g., accessing email, writing documentation, working with spreadsheets).