troubleshooting Question

Testing whether access privileges granted a network user are appropriate.

FCCCHURCH asked on
OS Security
5 Comments3 Solutions291 ViewsLast Modified:
I'm auditing a control for Sarbanes-Oxley purposes, which makes the following assertion:

"...newly hired, and temporary (contract) employees are granted a basic set of network privileges.  Access in excess of these pre-defined privileges are granted only upon receipt of a valid approved request."

I would like to know where to look in order to ascertain the initial (or current) privileges for any given user.  This will allow me to evaluate those privileges against the standard, and determine whether they exceed what should be given by default.  Then, I can look further to determine whether the privileges in excess of the default have been specifically approved, as the control requires.

Are there multiple places I should look to determine current network privileges?  Dates those privileges were granted would be equally helpful, in that they would help me as I try to locate evidence that the additional privileges were appropriately authorized.  I'm going to have lots more questions like this over the next few days, so the more specific your guidance is, the more helpful I'll find it.


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 3 Answers and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros