assessment
Security Risk of Access Controls
Reflect & Assess
Strict access control is an essential part of protecting the data you store. Answer the following questions to evaluate the security risks of your access control measures and make a plan to improve.
At my organization, only people who really need data have access to it.
Next Steps:
How can you implement a least privilege model?
We monitor and profile access patterns to find abnormalities and harden access controls when indicated.
Next Steps:
How can you monitor access logs for abnormalities?
Multi-factor authentication, or MFA, is required to access any internet-facing tools like VPN, email, and chat programs.
Next Steps:
What steps do you need to take to implement MFA? Do you need to engage?
We monitor access lists for new users, especially users with advanced privileges.
Next Steps:
What is the best way to monitor access logs for new users with advanced permissions? Who should own that process?
Our authorization policy is separate from the rest of our code.
Next Steps:
How should the authorization policy be separated from the larger codebase?
It's easy for developers to integrate our authorization policies.
Next Steps:
At your organization, what are the current challenges to integrating authorization policies? How can you solve them?
I'm confident that we can assess the strength of data linkage and assign a risk value to that linkage.
Next Steps:
Would it be easy for a bad actor to compromise a user's identity based on your verification techniques?