Designating roles within a network is a simple control that most companies do not consider. Roles have clear benefits: allocating them streamlines the organisation and has a large impact on ISO and general structure.
Roles
In the context of this article, roles are the restrictions and rights given to a role title in a network. For example, a finance role would need access to areas and information that a production role would not.
Benefits of role rights
Roles allow access to specific documentation to be monitored and reviewed more easily. This allows an incident to be tracked easily, as a list of users with access will be readily available. Limiting access limits the damage an individual can do, and having less customer data exposed lowers inherent risk.
More benefits
Onboarding staff is easier, as roles allow a form of access checklist to be made for each role. Because these are predefined, an individual with a role will be associated with certain rights. This means that when someone leaves, for example in finance, a checklist of the assets and access that need removing is readily available.
Adjustments
If a user or group needs more or less access, rights can easily be given or taken away, meaning less downtime and fewer issues. If an account or collection of accounts is compromised, sweeping access restrictions are easier to put in place without hampering limited operations. Being able to quarantine sections of the company quickly can reduce the harm an attacker does.
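The three uses described above (listing who has access during an incident, producing a leaver checklist, and quarantining a role) can all be derived from one role-to-rights table. The following is an added example, not part of the original article; the role names, rights and users are constructed for illustration.

```python
# Constructed role model: role names, rights and users are illustrative assumptions.
ROLE_RIGHTS = {
    "finance": {"payroll-share", "invoice-system", "customer-billing-db"},
    "production": {"build-server", "line-scheduling"},
}
USER_ROLES = {
    "alice": {"finance"},
    "bob": {"production"},
    "carol": {"finance", "production"},
}


def rights_for(user, user_roles=USER_ROLES, quarantined=frozenset()):
    """Effective rights: union of the rights of every non-quarantined role."""
    rights = set()
    for role in user_roles.get(user, ()):
        if role not in quarantined:
            rights |= ROLE_RIGHTS[role]
    return rights


def users_with_access(resource, user_roles=USER_ROLES, quarantined=frozenset()):
    """Incident tracking: every user whose roles grant the resource."""
    return sorted(u for u in user_roles
                  if resource in rights_for(u, user_roles, quarantined))


def offboarding_checklist(user, user_roles=USER_ROLES):
    """Leaver checklist: each right to revoke, with the role that granted it."""
    return sorted((right, role)
                  for role in user_roles.get(user, ())
                  for right in ROLE_RIGHTS[role])


def quarantine(roles, user_roles=USER_ROLES):
    """Sweeping restriction: rights each affected user loses while roles are suspended."""
    q = frozenset(roles)
    return {u: sorted(rights_for(u, user_roles) - rights_for(u, user_roles, q))
            for u in user_roles if user_roles[u] & q}


if __name__ == "__main__":
    print(users_with_access("customer-billing-db"))
    print(offboarding_checklist("alice"))
    print(quarantine({"finance"}))
```

Suspending the finance role leaves carol's production rights intact, which is the point of restricting by role rather than by account.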
Summary
Access rights, alongside roles and responsibilities, are areas that influence roles and benefit from groups being created. Being able to know and disclose which groups can access information, and also applying defined specifics outside of information security, can help.
Our page on 27001 is available here.