“Identity theft is not a joke, Jim.” If you’re not familiar with this reference, please DM me as we have much to discuss. For context, the line above is said by Dwight K. Schrute, a character played by Rainn Wilson in the TV series The Office. In this episode a colleague impersonates Dwight, which prompts the line above. Once again, Dwight highlights the importance of account and identity security within an organization, no weapons hidden around the office required.
User and administrator accounts play a pivotal role in enabling access to digital resources and sensitive data within organizations. Effectively managing these accounts goes beyond enhancing workflow efficiency—it is a cornerstone of data security and regulatory compliance.
Phishing, spear phishing, whaling, smishing, and vishing all target individuals, and some of those individuals will fall prey. A stolen credential is only as detectable as the account it belongs to, so it’s imperative that all accounts are known, documented, and, at a minimum, reviewed quarterly.
All accounts must be authentic and legitimate. Monitoring new accounts and modifications to existing ones is essential to confirming their validity. Service accounts deserve particular scrutiny: confirm each one is still used for the specific purpose it was created for and has a named owner. Creating or altering an account without authorization is one of the most common first steps an intruder takes to establish persistent access.
Guidelines for Setting Up and Sustaining an Account Inventory
- Utilize Automated Tools: Implement software that discovers and lists accounts across your systems, applications, and platforms. Prefer tools that report in near real time so that a newly created or modified account shows up before the next scheduled review rather than after it.
- Consistent Audits: Schedule regular inspections of the account inventory. Monthly or quarterly is typical depending on the organization's size and risk profile; Safeguard 5.1 sets quarterly as the floor. The primary aim is to detect and address discrepancies between what exists in the directory and what the business says should exist.
- Review Access Regularly: Periodically assess who can access particular data and systems, and confirm that staff members can only reach the resources pertinent to their designated roles.
- Account Lifecycle Oversight: Tie the inventory to the user's journey within the organization, adjusting account access and privileges whenever an employee is onboarded, changes role, or exits the company. An exit that disables the account the same day closes the most common gap an inventory review finds.
Here’s a link to an Account and Credential Management Policy Template provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/account-and-credential-management-policy-template-for-cis-controls-5-and-6
Here are some details on this specific Control/Safeguard. If you want more detail, DM me.
CIS Control 5 – Account Management
Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.
Implementation Group 1
CIS Safeguard 5.1 - Establish and Maintain an Inventory of Accounts
Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person’s name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.
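The guidelines above (automated discovery, recurring audits, lifecycle oversight) and the Safeguard 5.1 fields (name, username, start/stop dates, department) come together in a reconciliation job: join the directory export against the HR roster, emit the inventory rows, and flag every account the roster cannot vouch for. The Python below is an added example written for this post; it is not the author's code, CIS tooling, or any vendor's product. The roster, the directory export, the field names, and the 90-day dormancy threshold are all constructed assumptions, not the schema of a real identity system or HR platform.

```python
"""Account inventory reconciliation in the spirit of CIS Safeguard 5.1.

Added example for this post. Joins a directory export against the HR
roster to produce the 5.1 inventory fields and to flag accounts that fail
validation. Every record below is constructed; the field names and the
dormancy threshold are assumptions, not any real system's schema.
"""
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)   # assumed "no recent sign-in" threshold
REVIEW_DATE = date(2024, 6, 1)       # the day this quarterly review runs

# Constructed HR roster: the people the business says should hold accounts.
HR_ROSTER = {
    "jhalpert": {"name": "Jim Halpert",    "department": "Sales",     "start": date(2021, 3, 1),  "stop": None},
    "dschrute": {"name": "Dwight Schrute", "department": "Sales",     "start": date(2019, 6, 15), "stop": None},
    "rhoward":  {"name": "Ryan Howard",    "department": "Sales",     "start": date(2023, 1, 9),  "stop": date(2024, 2, 29)},
    "pbeesly":  {"name": "Pam Beesly",     "department": "Reception", "start": date(2020, 9, 1),  "stop": None},
}

# Constructed directory export: what actually exists in the identity system.
# Admin and service accounts carry an "owner" naming the responsible person.
DIRECTORY = [
    {"username": "jhalpert",     "type": "user",    "enabled": True, "last_logon": date(2024, 5, 30), "owner": None},
    {"username": "dschrute",     "type": "user",    "enabled": True, "last_logon": date(2024, 5, 31), "owner": None},
    {"username": "dschrute-adm", "type": "admin",   "enabled": True, "last_logon": date(2024, 5, 29), "owner": "dschrute"},
    {"username": "rhoward",      "type": "user",    "enabled": True, "last_logon": date(2024, 3, 15), "owner": None},
    {"username": "pbeesly",      "type": "user",    "enabled": True, "last_logon": date(2024, 1, 4),  "owner": None},
    {"username": "svc-backup",   "type": "service", "enabled": True, "last_logon": date(2024, 5, 31), "owner": None},
    {"username": "svc-print",    "type": "service", "enabled": True, "last_logon": date(2024, 5, 31), "owner": "pbeesly"},
    {"username": "mscott2",      "type": "user",    "enabled": True, "last_logon": date(2024, 5, 28), "owner": None},
]


def responsible_person(account, roster):
    """Roster entry that vouches for an account: the user for a personal
    account, the documented owner for admin and service accounts."""
    key = account["owner"] if account["type"] in ("admin", "service") else account["username"]
    return roster.get(key) if key else None


def build_inventory(directory, roster):
    """Emit the Safeguard 5.1 fields for every account in the directory.
    Accounts nobody in the roster vouches for get empty person fields."""
    rows = []
    for acct in directory:
        person = responsible_person(acct, roster) or {}
        rows.append({
            "username": acct["username"], "type": acct["type"], "enabled": acct["enabled"],
            "name": person.get("name"), "department": person.get("department"),
            "start": person.get("start"), "stop": person.get("stop"),
        })
    return rows


def validate_accounts(directory, roster, today):
    """Return {username: [findings]} for accounts that fail validation.
    An account with no findings is treated as authorized for this cycle."""
    findings = {}
    for acct in directory:
        issues = []
        person = responsible_person(acct, roster)
        if acct["type"] in ("admin", "service") and not acct["owner"]:
            issues.append("no documented owner")
        elif person is None:
            issues.append("owner not in HR roster" if acct["owner"] else "no matching person in HR roster")
        else:
            if acct["enabled"] and person["start"] > today:
                issues.append("enabled before start date")
            if person["stop"] and person["stop"] < today:
                if acct["enabled"]:
                    issues.append(f"enabled past stop date {person['stop']}")
                if acct["last_logon"] and acct["last_logon"] > person["stop"]:
                    issues.append(f"sign-in on {acct['last_logon']} after stop date {person['stop']}")
        # Dormancy applies to every enabled account, owned or not.
        if acct["enabled"] and acct["last_logon"] and today - acct["last_logon"] > DORMANT_AFTER:
            issues.append(f"no sign-in for {(today - acct['last_logon']).days} days")
        if issues:
            findings[acct["username"]] = issues
    return findings


def authorized_accounts(directory, roster, today):
    """Usernames that pass every check, sorted for a stable report."""
    flagged = validate_accounts(directory, roster, today)
    return sorted(a["username"] for a in directory if a["username"] not in flagged)


if __name__ == "__main__":
    for row in build_inventory(DIRECTORY, HR_ROSTER):
        print(row)
    for user, issues in validate_accounts(DIRECTORY, HR_ROSTER, REVIEW_DATE).items():
        print(f"REVIEW {user}: " + "; ".join(issues))
    print("authorized:", authorized_accounts(DIRECTORY, HR_ROSTER, REVIEW_DATE))
```

Run against the constructed data, the review flags four accounts: the departed temp whose account is still enabled and was signed into after his stop date, a user with no sign-in for months, a service account with no owner, and a username HR has never heard of. The remaining four are the ones you can actually attest to as authorized this quarter. Point the same logic at a real export (AD, Entra ID, Okta, or a CSV) and the roster from HR, and the "sign-in after stop date" finding in particular deserves a ticket the same day it appears.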