• Create an Access Baseline. Generate a baseline of current access levels and controls in place.
  • Tie access controls to each environment and each system.
  • Segregate Duties by Roles. The point of this policy is to split up access rights so that no one person has access to multiple sections.
  • Apply the principle of Least Access. The doctrine says "if you don't need to work with it, you shouldn't have access to it."
  • Audit and track user activities properly.
  • Monitor unusual activities.
  • Control remote access.