Home page logo

basics logo Security Basics mailing list archives

Re: User access certification
From: "gig" <gigabit () satx rr com>
Date: Mon, 24 Dec 2007 12:12:14 -0600


Take a look at


The nutshell is that the Identify Warehouse takes input in the form of text files to aggregate user access information. It then correlates the data and allows for application owners to validate security using a web-interface.

It's not cheap, but if your company is serious this is the way to go...

good luck!

----- Original Message ----- From: "sphinx white" <sphinxwhite () gmail com>
To: <security-basics () lists securityfocus com>
Sent: Monday, December 17, 2007 10:25 AM
Subject: User access certification

Hi Folks,

In our company we are currently conducting "user access certification" project.

The purpose of the project is to:
* review user accounts by their direct managers and make sure they
have appropriate access rights and privileges are granted on "least
privilege" principle according to their responsibilities;
* get rid of shared accounts;
* cleanup accounts that belong to people that left the company;

This is one of the SOX requirement and has to be done periodically.
Right now the process is not automated and all information and
evidence exchange are organized simply via email and excel docs which
is very inefficient since we have about 40 business critical systems
and thousands of users.

My question is does anybody use any software packages that automate
the process like id-certify for example for the purpose?

I appreciate your input on this.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]