Bears, Beets, Battlestar Galactica ft. Bryon Singh, RailWorks Corporation

Bears, Beets, Battlestar Galactica ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On September 06, 2023

“Identity theft is not a joke, Jim.” If you’re not familiar with this reference, please DM me as we have much to discuss. For context, the line above is said by Dwight K. Schrute, a character played by Rainn Wilson in the TV series The Office. In this episode a colleague impersonates Dwight, causing the line above. Once again, Dwight highlights the importance of account/identity security within an organization without hiding weapons throughout the office.

User and administrator accounts play a pivotal role in enabling access to digital resources and sensitive data within organizations. Effectively managing these accounts goes beyond enhancing workflow efficiency—it is a cornerstone of data security and regulatory compliance.

Phishing, spear phishing, whaling, smishing, and vishing are all targeted at individuals. Some of those individuals will fall prey to these attempts so it’s imperative to ensure that all accounts are known, documented, and at a minimum, reviewed quarterly.

All accounts must be authentic and legitimate. Monitoring new accounts and modifications to current ones is essential to ensure their validity. Additionally, it's crucial to examine service accounts to confirm they are used for their specific purposes. Unauthorized establishment or alteration of an account is frequently the initial step taken by an intruder to secure sustained access.

Guidelines for Setting Up and Sustaining an Account Inventory
  1. Utilize Automated Tools: Implement software options designed to promptly identify and list accounts throughout your various systems, apps, and platforms. Opt for tools that offer real-time tracking for optimal benefits.
  2. Consistent Audits: Allocate regular times for inspecting the account list. The frequency can be adjusted based on the organization's magnitude and specific nature—be it monthly, quarterly, or every six months. The primary aim is to detect and address any inconsistencies.
  3. Review Access Regularly: Periodically assess who can access particular data and systems. It's crucial to guarantee that staff members can only access the resources pertinent to their designated roles.
  4. Account Lifecycle Oversight: Blend the process of inventorying accounts with the user's journey within the organization. This means adjusting account access and privileges whenever an employee is onboarded, undergoes a role change, or exits the company.

Here’s a link to an Account and Credential Management Policy Template provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/account-and-credential-management-policy-template-for-cis-controls-5-and-6

Here’s some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 5 – Account Management

Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.

Implementation Group 1

CIS Safeguard 5.1 - Establish and Maintain an Inventory of Accounts

Establish and maintain an inventory of all accounts managed in the enterprise. The inventory must include both user and administrator accounts. The inventory, at a minimum, should contain the person’s name, username, start/stop dates, and department. Validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.