ONEWEB Business Application Platform
6.6.2. Best practice for Data Access Management
- Create an Access Baseline. Generate a baseline of current access levels and controls in place.
- Tie access controls by environment and by system.
- Segregate Duties by Roles. The point of this policy is to split up access rights so that one person does not have access to multiple sections.
- Apply the principle of Least Access. The doctrine says "if you don't need to work with it, you shouldn't have access to it."
- Proper auditing and tracking of user activities.
- Monitor unusual activities
- Control remote access.