Establish role-based access controls and implement system logging
Role-based access control: access to network resources should be granted or denied based on job functions. Permissions should be defined based on the level of access needed to perform job functions and related duties.
Standard operating procedures: procedures should be established for removing network access from former employees and contractors.
Logging capability for each system: logging should be implemented on each system, for each user and for each activity.