11.6.1 Information Access Restriction

Illustrative Controls and Tests

User access rights to systems and data should be in line with defined and documented business needs and job requirements. Accurately managing user access rights addresses the issues of unintended or malicious modifications of data. Deficiencies in this area might allow unauthorized modifications that could lead to errors in reporting.

To achieve this control objective, administrators must periodically review the user access to files and programs to ensure the users have not accessed items outside of their role. Administrators should select a sample of users who have logged in to reporting servers and review their access for appropriateness based upon their job functions. Administrators must monitor and verify that all user access to programs and data. Review this access to ensure that there is segregation of duties as well as all access privileges are properly assigned and approved.

Reports and Alerts

Use the following link/reference to see the 11.6.1 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.