In addition to conducting a periodic review of the access granted to and obtainable by each user, good practice also requires that you check access from the system's point of view. Modern computer systems make extensive use of "system" accounts: a kind of user account associated not with a human being but with an automated process. Often used for housekeeping purposes such as backups, disk management, or the general gathering and analysis of monitoring and log data, these accounts usually have elevated privileges that grant access to special devices or system files. Ideally, you would check system by system, for every computer, every security device on your network, and every database—in fact, every technical entity—to see which software and systems can do any of these things:
- Connect
- Read
- Write
- Verify its existence, its up/down state, or its health
- Start or stop
- Read or change access settings
- Read or change any other configuration settings
- Perform privileged actions, or act as a system administrator
Such checks are time-consuming and in an ordinary network must be automated in order for a comprehensive scan to be practical. As with so many security measures, you may find it necessary to prioritize which systems (and which system accounts) are reviewed.
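The automated, prioritised scan the paragraph calls for can be modelled as a small inventory review. The script below is an added example, not code from the original text: it takes a constructed inventory of (system, account, capabilities) grants using the eight kinds of access listed above, weights each capability by the damage an abused account could do, flags the combinations a reviewer would want to see first (administrator rights, the ability to change access settings, the ability to modify and then restart a system), and reports which accounts hold access across many systems. The capability names, weights, inventory format and sample data are all assumptions; in practice the grants would be extracted from each host's account database, sudo/policy files, device configurations and database role tables.

```python
"""Prioritise the review of system (non-human) accounts by the access they hold.

Added example; not code from the original text. Capability names, weights and
the inventory layout are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# The kinds of access the text lists, with an assumed review weight:
# the higher the weight, the more damage a compromised account could do.
CAPABILITY_WEIGHT = {
    "connect": 1,
    "read": 2,
    "verify": 1,                   # existence / up-down state / health
    "write": 4,
    "start_stop": 4,
    "read_access_settings": 3,
    "change_access_settings": 8,   # can decide who else gets in
    "read_config": 2,
    "change_config": 6,
    "privileged": 10,              # acts as a system administrator
}


@dataclass(frozen=True)
class Grant:
    system: str                    # the technical entity: host, device, database
    account: str                   # the system account holding the access
    capabilities: frozenset        # subset of CAPABILITY_WEIGHT keys


@dataclass
class Finding:
    system: str
    account: str
    score: int
    capabilities: tuple
    reasons: list = field(default_factory=list)


def score_grant(g: Grant) -> Finding:
    """Score one grant and explain why it deserves early review."""
    unknown = g.capabilities - CAPABILITY_WEIGHT.keys()
    if unknown:
        # Reject silently-ignored typos: an unscored capability would hide risk.
        raise ValueError(f"unknown capability names: {sorted(unknown)}")
    caps = g.capabilities
    reasons = []
    if "privileged" in caps:
        reasons.append("acts as system administrator")
    if "change_access_settings" in caps:
        reasons.append("can change who else has access")
    if "start_stop" in caps and caps & {"write", "change_config"}:
        reasons.append("can modify and then start/stop the system")
    return Finding(g.system, g.account, sum(CAPABILITY_WEIGHT[c] for c in caps),
                   tuple(sorted(caps)), reasons)


def prioritise(grants):
    """All grants, highest-risk first; ties broken by system then account."""
    findings = [score_grant(g) for g in grants]
    return sorted(findings, key=lambda f: (-f.score, f.system, f.account))


def needs_review(grants, threshold=10):
    """Grants at or above the score threshold: the ones reviewed when time is short."""
    return [f for f in prioritise(grants) if f.score >= threshold]


def account_breadth(grants):
    """Map each account name to the sorted list of systems it has access on.

    An account such as 'backup' present on many hosts is one credential whose
    compromise reaches all of them, so breadth matters alongside depth.
    """
    systems = defaultdict(set)
    for g in grants:
        systems[g.account].add(g.system)
    return {acct: sorted(s) for acct, s in systems.items()}


# Constructed sample inventory (not real systems or accounts).
SAMPLE_GRANTS = [
    Grant("db-prod-01", "backup", frozenset({"connect", "read"})),
    Grant("db-prod-01", "monitor", frozenset({"connect", "verify", "read_config"})),
    Grant("db-prod-01", "dbadmin-svc", frozenset(
        {"connect", "read", "write", "change_access_settings", "privileged"})),
    Grant("fw-edge-01", "monitor", frozenset({"connect", "verify"})),
    Grant("fw-edge-01", "cfg-push", frozenset(
        {"connect", "read_config", "change_config", "start_stop"})),
    Grant("app-web-02", "backup", frozenset({"connect", "read"})),
    Grant("app-web-02", "deploy", frozenset(
        {"connect", "write", "start_stop", "read_config"})),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE_GRANTS):
        flag = "; ".join(f.reasons) or "routine"
        print(f"{f.score:3d}  {f.system:<12} {f.account:<12} {flag}")
    for acct, systems in sorted(account_breadth(SAMPLE_GRANTS).items()):
        if len(systems) > 1:
            print(f"shared account {acct!r} reaches {len(systems)} systems: {systems}")
```

Running the script prints the grants in review order, with the database service account that is both an administrator and able to change access settings at the top, followed by the firewall configuration pusher and the web deploy account, each of which can change something and then restart it. The breadth report at the end singles out `backup` and `monitor` as credentials that span several systems, which a system-by-system review would otherwise count as several small, low-scoring grants.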