Term
|
Definition
- User
- Shared and generic
- Guest
- Service
- Privileged |
|
|
Term
|
Definition
| Users should have the ability to perform their job and have no other rights and permissions beyond that |
|
|
Term
|
Definition
-When people join the organization this process create the accounts, and they will confirm that the user is provided with exactly the right permissions and access by adding them to the proper groups. And the new user may be assigned a workstation, a laptop, a tablet, and any other hardware that may be required to perform their job
-For people leaving the organization has a process for returning equipment, account deactivated |
|
|
Term
| Permission auditing and review |
|
Definition
| routine check performed to ensure every user has exactly the correct permissions they need for their particular role |
|
|
Term
| Usage auditing and review |
|
Definition
| A process to find out exactly how your resources are being used. |
|
|
Term
|
Definition
| An account restriction that limits when a user is allowed to logon. |
|
|
Term
|
Definition
-Accounts can be set to expire at a point in time at which point they become disabled
-To reactivate, change expiration date and enable the account
-Permission auditing can determine if people that have been provided Administrator access that really do not need to have Administrator access. This process can help certify whether or not this needed. |
|
|
Term
| Standard naming convention |
|
Definition
-Unique
-Persistent
-Consistent
-Memorable |
|
|
Term
|
Definition
start with the account creation
-provisioning, pwd, group and permission assignments
-Password reset update
-Permission audits
-Deprovisioning -disable, archive data |
|
|
Term
| Group-based access control |
|
Definition
-Assigning permissions by adding users to groups
-Group permissions may overlap or even conflict |
|
|
Term
|
Definition
-Access based on GPS
-Access based on IP Address
-Access based on wifi
-Can restrict application use |
|
|
Term
| Account policy enforcement |
|
Definition
- Credential management
- Group policy
- Password complexity
- Expiration
- Recovery
- Disablement
- Lockout
- Password history
- Password reuse
- Password length |
|
|
