Access Review
User access review is the periodic assessment of who has access to enterprise systems and data, what they can access, and whether that access is still justified.
What is a User Access Review
Access reviews check the access rights of employees, partners, third parties, service providers, vendors, and anyone else with access to enterprise assets.
Threats Mitigated by Access Reviews
| Threat | Description |
|---|---|
| Privilege creep | Users accumulate access over time beyond what they need. |
| Excessive privileges | Users have access that is not required for their job. |
| Access misuse | Access is used inappropriately or maliciously. |
| Insider threats | Users with legitimate access may misuse sensitive information or knowledge of security controls. |
Step-by-Step Access Review Process
- Review and verify who has access to the organization's systems and services.
- Have the business owner review and update the information-gathering sheet.
- Share the updated sheet with Cloud Operation Center at
COC@site.sa. - Restrict shared account use.
- Minimize third-party access.