Compliance 101 is a series of blog posts that expand on security compliance requirements that you'll see in a certification or RFP document. My goal is to explain what they mean and how to achieve the requirement.
Is authority and access to use advanced operating system utilities and commands that bypass system access controls monitored, logged, reviewed and restricted to those individuals or accounts that require access to perform the respective job function(s)? Welcome to the second post in my series on…
Continue reading...Are all required approvals documented for each access request or modification to a user's or account's access privileges? Summary Essentially what this requirement is asking for is a record of every addition or modification to an individual (or group's) access to a system or data…
Continue reading...This post is the introduction of a series I'm working on. I'm taking a list of security compliance questions that a client or an auditor might present to a company and expanding on what it means, how important it is, how one would introduce controls…
Continue reading...