Thoughts on Access Control

There are several layers of Access Control that need to be audited. These are some of the questions that need to be asked when auditing access.


  • Which groups or individuals have access to sensitive locations or equipment in the organization being audited?

Operating System/Network Access to network resources: 

  • Who has access to file shares or network resources on the network?  I.E. does the Marketing Department really need access to the Sales Team’s reports folder?
  • What kinds of privileges do individuals or groups have in these shares – Read, Write, Execute?
  • Are these privileges appropriate?

Access to Enterprise Resource Planning systems:

  • Which groups or individuals have access to each ERP module?
  • Is this access appropriate?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>