
081: Discover & remediate existing over-privileged accounts

Overview

Based on business requirements, re-assign users with excessive permissions to least privileged roles.

For existing privileged roles, analyze, update, and assign the least privileged role where possible. This effort should consist of several steps:

  • Define a written organizational policy regarding least privilege roles
  • Analyze role usage in the organization to understand what tasks are regularly performed and which roles best align to those tasks
  • Create evidence to show which role assignments may need to be reduced based on analysis and investigation
  • Update business processes to ensure that least privilege roles are evaluated on a regular basis. If a user stops using a privilege granted to them, there should be a process to reduce their permissions over time.
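
One way to carry out the usage analysis and produce the evidence described in the steps above, shown as an added example that is not part of the original page. The role catalogue, user names, audit events and the 90-day review window are all constructed assumptions; in practice they would come from your directory's role definitions and audit logs.

```python
from datetime import date

# Constructed role catalogue: hypothetical role name -> actions it permits.
ROLES = {
    "tenant-admin": {"reset_password", "manage_users", "manage_apps", "read_reports", "manage_roles"},
    "user-admin": {"reset_password", "manage_users", "read_reports"},
    "helpdesk": {"reset_password", "read_reports"},
    "reports-reader": {"read_reports"},
}

# Constructed current assignments and audit events (user, action, date).
ASSIGNMENTS = {"alice": "tenant-admin", "bob": "user-admin", "carol": "tenant-admin", "dave": "helpdesk"}
ACTIVITY = [
    ("alice", "reset_password", date(2024, 5, 2)),
    ("alice", "read_reports", date(2024, 5, 20)),
    ("bob", "manage_users", date(2024, 5, 11)),
    ("bob", "reset_password", date(2024, 5, 12)),
    ("carol", "manage_roles", date(2024, 5, 18)),
    ("dave", "reset_password", date(2023, 11, 3)),  # older than the review window
]

def least_privileged_role(used):
    """Smallest role (fewest actions) that still covers every action in `used`."""
    fits = [r for r, perms in ROLES.items() if used <= perms]
    return min(fits, key=lambda r: (len(ROLES[r]), r)) if fits else None

def review(assignments, activity, today, window_days=90):
    """Return one evidence row per assignment that could be reduced or removed."""
    findings = []
    for user, role in sorted(assignments.items()):
        # Only actions performed inside the review window count as "in use".
        used = {a for u, a, d in activity if u == user and (today - d).days <= window_days}
        if not used:
            findings.append({"user": user, "current": role, "proposed": None,
                             "reason": f"no privileged activity in {window_days} days"})
            continue
        target = least_privileged_role(used)
        if target and target != role and len(ROLES[target]) < len(ROLES[role]):
            findings.append({"user": user, "current": role, "proposed": target,
                             "reason": "observed actions: " + ", ".join(sorted(used))})
    return findings

if __name__ == "__main__":
    for row in review(ASSIGNMENTS, ACTIVITY, today=date(2024, 6, 1)):
        print(row)
```

Each returned row is a candidate for review by the role owner, not an automatic change: infrequent but legitimate tasks (for example, annual procedures) can fall outside any fixed window.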

Reference
