CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Identity and Access Provisioning Lifecycle

Organizations must adopt formal policies and procedures to address account provisioning, review, and revocation.

When new or temporary employees, contractors, partners, auditors, and other third parties require access to an organization’s systems and networks, the organization must have a formal methodology for assessing risk and assigning appropriate access rights. New accounts must be provisioned correctly and in a timely manner to ensure access is ready and available when the user needs it, but not too soon (so as to ensure that new accounts not yet in active use are not compromised by an attacker).

User and system accounts, along with their assigned privileges, should be reviewed on a regular basis to ensure that they are still appropriate. For example, an employee may no longer require the same privilege levels due to rotation of duties (see Chapter 6) or a transfer or promotion.

Finally, when access is no longer required, accounts must be promptly disabled.
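The three stages above (provision on time but not early, review periodically, disable promptly) can be checked mechanically against an account inventory. The following Python script is an added illustration and is not from the book; the role-to-privilege map, the account records, the review interval and the one-day provisioning lead time are all constructed assumptions chosen to exercise each stage of the lifecycle.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

# Constructed role model (assumption, not from the book): the privileges each
# role is entitled to. Anything beyond this is privilege creep to be reviewed.
ROLE_PRIVILEGES = {
    "accounts-payable": {"erp:read", "erp:post-invoice"},
    "auditor": {"erp:read", "logs:read"},
    "contractor-dev": {"repo:read", "repo:write"},
}

# Constructed review date used by the sample run below.
TODAY = date(2024, 3, 15)


@dataclass
class Account:
    username: str
    role: str
    privileges: Set[str]
    start: date                 # first day access is needed
    end: Optional[date]         # None for open-ended (regular employee)
    enabled: bool
    last_review: Optional[date]


def provisioning_findings(accounts: List[Account], today: date,
                          lead_days: int = 1, review_days: int = 90
                          ) -> List[Tuple[str, str]]:
    """Return (username, issue) pairs for accounts that violate the lifecycle."""
    findings = []
    for a in accounts:
        # Stage 1: an enabled account that is not needed yet is an idle target,
        # so flag anything enabled more than `lead_days` before its start date.
        if a.enabled and a.start - today > timedelta(days=lead_days):
            findings.append((a.username, "enabled-before-start"))
        # Stage 2: privileges outside the assigned role (e.g. left over from a
        # previous role after a transfer or rotation of duties).
        excess = a.privileges - ROLE_PRIVILEGES.get(a.role, set())
        if excess:
            findings.append((a.username, "excess-privileges:" + ",".join(sorted(excess))))
        # Stage 3: access period has ended but the account is still enabled.
        if a.enabled and a.end is not None and a.end < today:
            findings.append((a.username, "enabled-after-end"))
        # Stage 2 again: active accounts must have been reviewed within the window.
        if a.enabled and a.start <= today and (
                a.last_review is None or (today - a.last_review).days > review_days):
            findings.append((a.username, "review-overdue"))
    return findings


def revoke_expired(accounts: List[Account], today: date) -> List[str]:
    """Disable every enabled account whose end date has passed; return their names."""
    revoked = []
    for a in accounts:
        if a.enabled and a.end is not None and a.end < today:
            a.enabled = False
            revoked.append(a.username)
    return revoked


def sample_accounts() -> List[Account]:
    """Constructed inventory (not real data) covering one case per lifecycle stage."""
    return [
        # Healthy employee account: correct privileges, reviewed 55 days ago.
        Account("alice", "accounts-payable", {"erp:read", "erp:post-invoice"},
                date(2022, 1, 10), None, True, date(2024, 1, 20)),
        # Contractor whose engagement ended 2024-02-28 but is still enabled,
        # carries an ERP privilege a developer role never needed, and whose
        # last review was 105 days ago.
        Account("bob", "contractor-dev", {"repo:read", "repo:write", "erp:post-invoice"},
                date(2023, 6, 1), date(2024, 2, 28), True, date(2023, 12, 1)),
        # Auditor provisioned 17 days before the engagement starts.
        Account("carol", "auditor", {"erp:read", "logs:read"},
                date(2024, 4, 1), date(2024, 4, 30), True, None),
        # Already-disabled account: nothing to flag even without a recent review.
        Account("dave", "accounts-payable", {"erp:read"},
                date(2020, 5, 4), None, False, None),
    ]


if __name__ == "__main__":
    inventory = sample_accounts()
    for user, issue in provisioning_findings(inventory, TODAY):
        print(f"{user}: {issue}")
    print("revoked:", revoke_expired(inventory, TODAY))
```

Running the script lists four findings (three against bob, one against carol) and then disables bob; a second pass would still report bob's excess privilege, which is the point: revocation of expired access and review of assigned privileges are separate controls and one does not substitute for the other.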

Prep Test

1 General-purpose control types include all the following except

A Detective

B Mandatory

C Preventive

D Compensating

2 Violation reports and audit trails are examples ...
