The Weekly IT Security Review®
IT SECURITY CHECKLIST
for the week of January 2, 2009
Yennik, Inc.
R. Kinney Williams, President, CFE, CISM, CGEIT
IT Security Auditor
4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119 http://www.yennik.com examiner@yennik.com
AUTHENTICATION AND ACCESS CONTROLS - Access Rights Administration
Evaluate the adequacy of policies and procedures for authentication
and access controls to manage effectively the risks to the
institution:
• Evaluate the processes that management uses to define access
rights and privileges (e.g., software and/or hardware systems
access) and determine if they are based upon business need
requirements.
• Review processes that assign rights and privileges and ensure that
they take into account and provide for adequate segregation of
duties.
• Determine if access rights are the minimum necessary for business
purposes. If greater access rights are permitted, determine why the
condition exists and identify any mitigating issues or compensating
controls.
• Ensure that access to operating systems is based on either a
need-to-use or an event-by-event basis.
Published by
Yennik, Inc., the acknowledged leader in
independent-Internet auditing. The Weekly IT Security Review is for
educational purposes and is not intended to replace an independent
IT security audit or to be construed as covering all IT security
issues that may apply to your business.
Some material may be excerpts from FFIEC, HIPAA, NIST, or other
federal agencies.
Copyright - Yennik, Incorporated - Our logo above is registered
with the United States Patent and Trademark Office.