What role-based access control (RBAC) best practices are most important when it comes to periodic reviews and updates for roles/permissions?

Vice President in Banking, a month ago
Someone posted a similar question here. Refer to https://www.gartner.com/peer-community/post/we-looking-at-implementing-role-based-access-controls-some-our-saas-platforms-due-to-entry-emerging-markets-anyone-have-best
Director of IT in Energy and Utilities, a month ago
Automate as much as you can. Manual anything creates too much risk, and the consequences can quickly be dire.
CISO in Banking, a month ago
Periodic reviews and updates of roles and permissions within an RBAC system are critical to maintaining security and operational efficiency. One best practice is the principle of least privilege, ensuring that users have the minimum necessary access to perform their functions. Regularly auditing roles to identify and remove unnecessary or outdated permissions helps reduce the attack surface and prevents privilege creep. Additionally, involving business units in the review process ensures that the roles align with current organizational needs. Automating these reviews where possible, using tools that flag anomalies or changes in user roles, can streamline the process and maintain the integrity of the RBAC system. These practices are essential for keeping the system agile and secure.
CISO/CPO & Adjunct Law Professor in Finance (non-banking), a month ago
Having a good control process, ideally groups and repeatable, transparent, automated processes. The process should also make reporting and tracking simple; the value will become apparent in the first audit.
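
An added sketch of the automated review the comments above recommend (not code from any commenter or from a specific IAM product): it flags role assignments a user no longer exercises and role permissions that no member uses. The role names, permission strings, usage dates and the 90-day idle window are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: hypothetical roles, users and permission strings.
ROLES = {
    "teller":  {"acct:read", "txn:create"},
    "auditor": {"acct:read", "txn:read", "report:export"},
    "admin":   {"acct:read", "acct:write", "user:manage"},
}
ASSIGNMENTS = {"alice": {"teller"}, "bob": {"teller", "admin"}, "carol": {"auditor"}}
# Last date each (user, permission) pair was exercised, e.g. from audit logs.
LAST_USED = {
    ("alice", "acct:read"): date(2024, 5, 28),
    ("alice", "txn:create"): date(2024, 5, 30),
    ("bob", "acct:read"): date(2024, 5, 20),
    ("bob", "txn:create"): date(2024, 5, 20),
    ("bob", "user:manage"): date(2023, 11, 2),   # last admin action, long ago
    ("carol", "acct:read"): date(2024, 4, 10),
    ("carol", "txn:read"): date(2024, 4, 10),
}

def access_review(roles, assignments, last_used, today, max_idle_days=90):
    """Return (stale_roles, over_scoped) for a periodic RBAC review."""
    cutoff = today - timedelta(days=max_idle_days)

    def active(user, perm):
        used = last_used.get((user, perm))
        return used is not None and used >= cutoff

    # Privilege creep: a held role whose exclusive permissions (those the
    # user's other roles do not already grant) went unused in the window.
    stale_roles = {}
    for user, held in assignments.items():
        for role in sorted(held):
            others = set().union(*(roles[r] for r in held if r != role))
            if not any(active(user, p) for p in roles[role] - others):
                stale_roles.setdefault(user, []).append(role)

    # Least privilege: permissions in a role that no current member uses.
    over_scoped = {}
    for role, perms in roles.items():
        members = [u for u, held in assignments.items() if role in held]
        unused = sorted(p for p in perms if not any(active(u, p) for u in members))
        if unused:
            over_scoped[role] = unused
    return stale_roles, over_scoped

if __name__ == "__main__":
    stale, scoped = access_review(ROLES, ASSIGNMENTS, LAST_USED, date(2024, 6, 1))
    print("revoke candidates:", stale)
    print("trim candidates:", scoped)
```

The two result maps are review candidates to route to the owning business unit for confirmation, not changes to apply automatically.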