Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: User access certification

from [gig] Network Security [Permanent Link]
Subject: Re: User access certification
Date: Mon, 24 Dec 2007 12:12:14 -0600 
White,

Take a look at

http://www.vaau.com/products.html

The nutshell is that the Identify Warehouse takes input in the form of text files to aggregate user access information. It then correlates the data and allows for application owners to validate security using a web-interface.

It's not cheap, but if your company is serious this is the way to go...

good luck!

----- Original Message ----- From: "sphinx white" <sphinxwhite@gmail.com>
To: <security-basics@lists.securityfocus.com>
Sent: Monday, December 17, 2007 10:25 AM
Subject: User access certification


Hi Folks,

In our company we are currently conducting "user access certification" project.

The purpose of the project is to:
* review user accounts by their direct managers and make sure they
have appropriate access rights and privileges are granted on "least
privilege" principle according to their responsibilities;
* get rid of shared accounts;
* cleanup accounts that belong to people that left the company;

This is one of the SOX requirement and has to be done periodically.
Right now the process is not automated and all information and
evidence exchange are organized simply via email and excel docs which
is very inefficient since we have about 40 business critical systems
and thousands of users.

My question is does anybody use any software packages that automate
the process like id-certify for example for the purpose?

I appreciate your input on this.

White

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sans GCFW - What about the "OnDemand" training version ?, jam
Next by Date:  Re: ESMTP service, Ansgar -59cobalt- Wiechers
Previous by Thread:  User access certification, sphinx white
Next by Thread:  Re: User access certification, rohnskii
Indexes:  [Date] [Thread] [Top] [All Lists]