ITIL Foundation Online Training - $47/mo Description: 14+ Hours, 200+ Practice Questions, Lifetime Access, 100% Online, Self-paced Click Here

10 Full ITIL Mock Exams for only $25/mo.Check if you are ready to take the ITIL Exam and crack it in the first attempt Click Here

Friday, March 16, 2012

Important Concepts in Access Management

Access Management is the process of controlling access to data and information to ensure that authorized users have timely access while preventing access by unauthorized users. The Access Management process may be the responsibility of a dedicated function but is usually carried out by all Technical and Application Management functions.

If the Service Desk is operating as the single point of contact, it is usual that it should receive any Service Requests for new or changed access rights and may also be authorized by the owner of the security policy to grant these rights. Typically this occurs when a new person joins the organization or a new supplier is engaged, but it may also occur when someone moves from one department to another or changes role. Access rights should be withdrawn when someone leaves the organization.

The Access Management process should include monitoring access to secure information so that in the event of a security-related incident arising, the cause can be traced and any security risks discovered can be removed. Monitoring will also identify unauthorized access attempts and instances of password errors as indications of possible security threats.

Role of an Access Manager

The Access Manager or Access Control Manager is the individual who is responsible for controlling access to all resources within the organization. This may include access to offices, computers, data centers, shared drives, etc
Every request to gain access to a resource related to a service will be approved/rejected by this Access Control Manager. Periodic reviews of the usage of accesses will also be done to ensure that unwanted permissions are revoked as and when required.

Prev: Purpose of Access Management

Next: Introduction to Incident Management

No comments:

Post a Comment


© 2013 by All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.


Popular Posts