Account monitoring

- [Narrator] Security administrators must pay careful…attention to the permissions and use of end user accounts…to protect against security incidents.…Two major account administration issues…face security professionals.…The first is inaccurate permissions assigned to accounts…that either prevent a user from doing his or her work…or violate the principle of least privilege.…These permissions are often the result of privilege creep,…a condition that occurs when users switch jobs…and gain new permissions but never have…their old permissions revoked.…

The second issue is the unauthorized use of permissions…either by someone other than the legitimate user…accessing the account or by the user performing…some illegitimate action.…To protect against the first issue, administrators should…perform regular user access reviews…in cooperation with managers from around the organization.…During each review administrators should pull a listing…of all of the permissions assigned to each account…and then review that listing with managers…