Welcome to Scribd!

Skip carousel

QCU CIS Audit - IT Access Management

Uploaded by

Jhondel Rabino

0% found this document useful (0 votes)

5 views3 pages

Original Title

QCU CIS Audit_IT Access Management

Copyright

Available Formats

XLSX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as XLSX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

5 views3 pages

QCU CIS Audit - IT Access Management

Uploaded by

Jhondel Rabino

Copyright:

Available Formats

Download as XLSX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

Quezon City University

Process: IT Access Management

Activity 3

# Process/ Subprocess Risk

Users are granted access

rights on the basis of an
approved request. and
limited only to access
required to carryout their job
responsibilities.

Unique user ID is assigned

to each user. No group IDs
exist and shared by multiple
users.

A.New hires & transfers

Changes to users’ access

should be approved and
their role re-evaluated to
prevent “role creep” which is
caused by incremental
additions to access
overtime, causing
segregation of duties risks.

Access rights should be

promptly disabled and/or
removed once users leave
the company.

B.Terminations and
resignations
If there is no or ineffective
periodic review, extended
testing of terminations and
resignations is performed
Existing controls Frequency Objectives

Data Ownership on the to prevent unauthorized

classification of data access to data and
elements and the allocation unauthorized use of system
of responsibility for ensuring functions and program
confidentiality. Assigning
responsibility for protecting
data to a particular
employee, accountability is
established

Privacy impact analysis is to establish a right to trust

an instrument for assessing that others will appropriately
the potential impacts on and legitimately use, store,
privacy of a process, share, and dispose of the
information system, associated personal and
program, software module, sensitive information within
device or other initiative the context, and according
which processes personal to the purpose for which the
information and in data have been stored and
consultation with derived
stakeholders, for taking
actions as necessary to
treat privacy risk.

data are identified and

authorized in writing

Written termination policies provide adequate protection

are established and provide for the organization's assets
clear steps for employment and data
separation. Addressing
voluntary and involuntary
separation
Audit Procedures
Audit Procedures
(Test of Operating
(Test of Design)
Effectiveness)
use the information review a sample of the job
regarding data ownership to description to ensure that
determine if proper responsibilities and duties
ownership has been are consistent with the
assigned and whether the security policy.
data owner is aware of the
assignement.

Review management's check whether personnel

Privacy Policy to ascertain sensitive are correctly
whether it takes into managed and verify if the
consideration the correct security measures
requirement of privacy laws are adopted.
and regulations.

organization have a clear asses if the necesssary item

definition and have been refunded such
documentation procedure as devices, item keys, ID
for teminating employee to cards and Badges to
the compay prevent easy physical
access

Ebook CISSP Domain 05 Identity and Access Management (IAM)
Document84 pages
Ebook CISSP Domain 05 Identity and Access Management (IAM)
Ab Parvize
No ratings yet
VPN Access Policy V 1.1
Document10 pages
VPN Access Policy V 1.1
Birhan
No ratings yet
Security Part I Auditing Operating Systems and Networks
Document35 pages
Security Part I Auditing Operating Systems and Networks
Robert Castillo
No ratings yet
Business Requirement For Access Control
Document5 pages
Business Requirement For Access Control
mrz
No ratings yet
Audcise Chapter5
Document6 pages
Audcise Chapter5
Carolyn Manzala
No ratings yet
KeyAssignment 2 Sevuri GCYSEC 502
Document20 pages
KeyAssignment 2 Sevuri GCYSEC 502
sudheerthota1225
No ratings yet
Access Control For Security Management
Document15 pages
Access Control For Security Management
Carlos Moreno
No ratings yet
Iso27001v2013checklist 161225185435
Document22 pages
Iso27001v2013checklist 161225185435
ochedikwujonah
No ratings yet
Database Security: Dbms:Databasemanagement System
Document32 pages
Database Security: Dbms:Databasemanagement System
jj kjegr
No ratings yet
Compliance Assessment Results: A.5 Information Security Policies
Document22 pages
Compliance Assessment Results: A.5 Information Security Policies
Karam AlMashhadi
No ratings yet
Access Control Management Process v0.2
Document34 pages
Access Control Management Process v0.2
Matteo Renato
No ratings yet
Hippa and ISO Mapping
Document13 pages
Hippa and ISO Mapping
nidelel214
No ratings yet
TOPIC 9 Segregation-of-Duties-and-Access-Controls
Document8 pages
TOPIC 9 Segregation-of-Duties-and-Access-Controls
kenl69784
No ratings yet
Unit-1 IAM
Document17 pages
Unit-1 IAM
raghavprabhakar143
No ratings yet
Asset - Change - Request - Procedure - v2
Document3 pages
Asset - Change - Request - Procedure - v2
Boris
No ratings yet
Duplichecker Plagiarism Report
Document2 pages
Duplichecker Plagiarism Report
Sahil Arora
No ratings yet
Perations Ecurity Olicy: Inspiring Business Innovation
Document20 pages
Perations Ecurity Olicy: Inspiring Business Innovation
rontechtips
No ratings yet
Audit Program - ITGC
Document8 pages
Audit Program - ITGC
ashishhpandey99
No ratings yet
Security and Protection in Operative Systems
Document11 pages
Security and Protection in Operative Systems
Grace Victoria Ellison
No ratings yet
Secure Controls Framework 2023 4
Document280 pages
Secure Controls Framework 2023 4
ice1025
No ratings yet
Nist SP 800-171 Physical Protection Section 3.10
Document2 pages
Nist SP 800-171 Physical Protection Section 3.10
Arrigo Lupori
No ratings yet
Identity Management Testing Aim
Document3 pages
Identity Management Testing Aim
Aswathy L C
No ratings yet
SIEM Use-Cases Pertaining To PCI DSS V3
Document6 pages
SIEM Use-Cases Pertaining To PCI DSS V3
Moazzam Ch
No ratings yet
Embracing A Zero Trust Security Model
Document12 pages
Embracing A Zero Trust Security Model
him2000him
No ratings yet
Topic Security Issue Response: Roles & Responsibilities
Document4 pages
Topic Security Issue Response: Roles & Responsibilities
Anton Briliawan
No ratings yet
ISMS Access Control
Document29 pages
ISMS Access Control
Tigor Gurning
100% (1)
Darryl Crowe Issp Report
Document22 pages
Darryl Crowe Issp Report
api-594428506
No ratings yet
ITGC Domain Control Number Process
Document19 pages
ITGC Domain Control Number Process
ashfaq123
No ratings yet
Mwaa Security Assessment Questionnaire: Topic Security Issue Response
Document4 pages
Mwaa Security Assessment Questionnaire: Topic Security Issue Response
Adil Raza Siddiqui
No ratings yet
Identity Comp
Document2 pages
Identity Comp
him2000him
No ratings yet
OneIdentity - Risk Management Best Practices For Privileged Access Management White Paper 27772
Document4 pages
OneIdentity - Risk Management Best Practices For Privileged Access Management White Paper 27772
Mathias Moin
No ratings yet
Audit Procedure
Document5 pages
Audit Procedure
Leoreyn Faye Medina
No ratings yet
Asset Management Policy 2
Document21 pages
Asset Management Policy 2
Sk Islam
No ratings yet
Communications Security Policy
Document14 pages
Communications Security Policy
Kate Middleton
No ratings yet
Access Management
Document3 pages
Access Management
hussainfawad1313
No ratings yet
Comparing A Security Strategic Plan - Edited.edited
Document6 pages
Comparing A Security Strategic Plan - Edited.edited
Paul Wahome
No ratings yet
Wfo Data Privacy Regulations Executive Perspective Enus
Document2 pages
Wfo Data Privacy Regulations Executive Perspective Enus
Gabriel Guinle
No ratings yet
P2-Understanding IS Audit Environment
Document20 pages
P2-Understanding IS Audit Environment
qwerty
No ratings yet
Best Practices Guide For IT Governance & Compliance
Document14 pages
Best Practices Guide For IT Governance & Compliance
Anonymous 2WKRBqFlf
No ratings yet
Running Head: REFERNCE MONITOR 1
Document6 pages
Running Head: REFERNCE MONITOR 1
api-403267489
No ratings yet
Logical Access-Control Audit Program: Appendix C
Document8 pages
Logical Access-Control Audit Program: Appendix C
h
No ratings yet
Your Location Has Been Shared 5,398 Times! A Field Study On Mobile App Privacy Nudging
Document11 pages
Your Location Has Been Shared 5,398 Times! A Field Study On Mobile App Privacy Nudging
Sophie Veys
No ratings yet
Data Security
Document19 pages
Data Security
Anjelly Pavino
No ratings yet
Information Security: - Va I B H Av-0 1 - TARUN-03 - Bhagyashree-06 - VINIT-07 - ARCHANA-08 - SAYLEE-36 - MANALI-38 - KARTIK-42
Document7 pages
Information Security: - Va I B H Av-0 1 - TARUN-03 - Bhagyashree-06 - VINIT-07 - ARCHANA-08 - SAYLEE-36 - MANALI-38 - KARTIK-42
Vinit
No ratings yet
IT General Control Audit Work Program
Document7 pages
IT General Control Audit Work Program
មនុស្សដែលខកចិត្ត ជាងគេលើលោក
No ratings yet
Supplier Security Assessment Questionnaire
Document9 pages
Supplier Security Assessment Questionnaire
Ahmed M. SOUISSI
100% (1)
Isa - GRP-6 Identity Access Management
Document72 pages
Isa - GRP-6 Identity Access Management
alyzzamarienpanambitan
No ratings yet
7 Keys To Delivering Secure Remote Access
Document3 pages
7 Keys To Delivering Secure Remote Access
maryam
No ratings yet
Ryan Macias Cisa Chain of Custody Report
Document24 pages
Ryan Macias Cisa Chain of Custody Report
Jordan Conradson
No ratings yet
The Chartered Cyber Security Officer
From Everand
The Chartered Cyber Security Officer
Dr. Zulk Shamsuddin
Rating: 5 out of 5 stars
5/5 (1)
01-CH01-CompSec2e-ver02 Overview PDF
Document35 pages
01-CH01-CompSec2e-ver02 Overview PDF
Nikunj Patel
No ratings yet
What Is Information Security?: Public For Public Use
Document41 pages
What Is Information Security?: Public For Public Use
Joshua Carelo
No ratings yet
Security Authentication
Document19 pages
Security Authentication
Narasimha Murthy
No ratings yet
Ds Mvision Cloud PDF
Document6 pages
Ds Mvision Cloud PDF
Bevy Indicio
No ratings yet
ACT 1208 Module 4 - Audit Process
Document40 pages
ACT 1208 Module 4 - Audit Process
Mairene Castro
No ratings yet
Automated User Authentication in Wireless Public Key Infrastructure For Mobile Devices Using Aadhar Card
Document27 pages
Automated User Authentication in Wireless Public Key Infrastructure For Mobile Devices Using Aadhar Card
Shubham
No ratings yet
CISM Glossary v2 1 1
Document7 pages
CISM Glossary v2 1 1
pareshvlohar
No ratings yet
Ls3 - Policies, Procedures, and Awareness: CIS240 - Lab Experiment
Document6 pages
Ls3 - Policies, Procedures, and Awareness: CIS240 - Lab Experiment
leovaldan
No ratings yet
Identity and Access Management 1
Document6 pages
Identity and Access Management 1
catudayja
No ratings yet
AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
From Everand
AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500
Mamta Devi
No ratings yet
Analysis of Open EMR Systems
Document9 pages
Analysis of Open EMR Systems
Chris Ververidis
No ratings yet
Sumo User Manual
Document48 pages
Sumo User Manual
Luca Martinelli
No ratings yet
Data Loss Prevention Next Steps Joa Eng 0218
Document11 pages
Data Loss Prevention Next Steps Joa Eng 0218
Nguyễn Thành
No ratings yet
Project On Online Shopping Maniegment System Group Member's Name Id
Document8 pages
Project On Online Shopping Maniegment System Group Member's Name Id
Bisrateab Gebrie
No ratings yet
CHFI v10 Course Content
Document8 pages
CHFI v10 Course Content
Abhijith Up
No ratings yet
FDD - ICM (F1800) Baseline Default Parameters
Document255 pages
FDD - ICM (F1800) Baseline Default Parameters
Ahmed Badr
No ratings yet
Transformation Offices Leverage Agile Po
Document1 page
Transformation Offices Leverage Agile Po
Alfred Amihere
No ratings yet
SQA Week 3 (BSCS 8) .
Document23 pages
SQA Week 3 (BSCS 8) .
laiba noor
No ratings yet
Beginners Guide To Successful Cardsharing
Document8 pages
Beginners Guide To Successful Cardsharing
Andriatsitohaina Rabenaivo
No ratings yet
Anime Studio Pro 8 Users Manual
Document510 pages
Anime Studio Pro 8 Users Manual
Wolmyr
No ratings yet
Web-Programming Notes MRIET
Document142 pages
Web-Programming Notes MRIET
Vishu Jaiswal
No ratings yet
LR-W Series: IO-Link Instruction Manual
Document6 pages
LR-W Series: IO-Link Instruction Manual
Arins
No ratings yet
Export Dpa
Document119 pages
Export Dpa
Raghu Shyam
No ratings yet
Amdocs Questions
Document8 pages
Amdocs Questions
Pia Sha
No ratings yet
Malith 204
Document5 pages
Malith 204
Geetha desilva
No ratings yet
Nlpslide
Document21 pages
Nlpslide
Melkamu Zinabu
No ratings yet
Library - Modules - Abstract Python
Document7 pages
Library - Modules - Abstract Python
Priya Darshni
No ratings yet
Files in C: S.Komal Kaur, Assistant Professor, CSE Department, VCE
Document26 pages
Files in C: S.Komal Kaur, Assistant Professor, CSE Department, VCE
Leela Pallava
No ratings yet
OL ICT Model Paper I TM
Document7 pages
OL ICT Model Paper I TM
Fathima Fathi
No ratings yet
Fx-9860giii Soft v340 en
Document461 pages
Fx-9860giii Soft v340 en
deprozol
No ratings yet
PHP Mysql: Prof. N.Nalini Scope VIT
Document48 pages
PHP Mysql: Prof. N.Nalini Scope VIT
justadityabist
No ratings yet
0000703revb Ruskin User Guide Large Loggers
Document123 pages
0000703revb Ruskin User Guide Large Loggers
Roz
No ratings yet
Development Landscape (NON HANA)
Document2 pages
Development Landscape (NON HANA)
Sharif Razi
No ratings yet
Mart Conomic Fficient: Automatic Chemistry Analyzer
Document1 page
Mart Conomic Fficient: Automatic Chemistry Analyzer
Victoria Anna
No ratings yet
《Computer culture》 Homework: 1. Decribe the process of converting Office 97-2010 files to 2013 in detail
Document2 pages
《Computer culture》 Homework: 1. Decribe the process of converting Office 97-2010 files to 2013 in detail
Shariar Parvez Tonmoy
No ratings yet
INKCHIP Instruction Method 14 (For 99 Firmware)
Document5 pages
INKCHIP Instruction Method 14 (For 99 Firmware)
Rajesh D
No ratings yet
HP-UX Containers (SRP) A.03.01 Administrator's Guide PDF
Document7 pages
HP-UX Containers (SRP) A.03.01 Administrator's Guide PDF
Sladur Bg
No ratings yet
Platform Js
Document14 pages
Platform Js
revturner
No ratings yet
7 Word Processing 2: Sunnydays Coach Tours
Document4 pages
7 Word Processing 2: Sunnydays Coach Tours
Илья Коломиец
No ratings yet
DIGIOP ELEMENTS Full User Manual
Document124 pages
DIGIOP ELEMENTS Full User Manual
Adrian Garcia
No ratings yet