Managing User Privileges

Part of the Cyber Maturity series of articles, this section focuses on Managing User Privileges.

Quoting the 10 Steps to Cyber Security Guidance Sheets:

It is good practice for an organisation to manage the access privileges that users have to an Information and Communications Technologies (ICT), the information it holds and the services it provides. All users of ICT systems should only be provided with the privileges that they need to do their job. This principle is often referred to as ‘Least Privilege’. A failure to manage user privileges appropriately may result in an increase in the number of deliberate and accidental attacks.

The specific recommendations are:

  • Establish effective account management processes
  • Limit the number and use of privileged accounts
  • Limit user privileges
  • Monitor all users
  • Establish policy and standards for user identification and access control
  • Set up a personnel screening process
  • Limit access to the audit system and the system activity logs
  • Educate users and maintain their awareness

What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.


Where is good practice referenced? Please let the community know in the comments area below.

The pages referenced in this series of blog articles are derived from the 10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.

Please join the discussion, we welcome your views...
