The Information Technology Security Manager should determine the company’s current state of access control, to develop a baseline for the IT Access Control Plan Template. After it is developed, ITSD106-1 IT ACCESS CONTROL PLAN should be submitted to Information Technology Managers for review and possible revision. The IT Access Control Plan Template should contain the following, at a minimum:
The Information Technology Security Manager should monitor the IT Access Control Plan (are systems, databases, etc., being used appropriately by the right people) by reviewing access logs, security logs, etc., on a periodic basis (once a week is recommended). Findings of such reviews should be reported to the Security Review Committee for its review and possible action.
There are no reviews yet.