5.16 Identity Management

The full life cycle of identities should be managed.

To ensure the right people and other interacting systems have the required access to the organisation’s resources. Also, making certain that appropriate access rights have been given.

Identity management is a crucial practice. It requires logging, monitoring, and reviewing the access rights of individuals and systems to the organisation’s assets and associated resources. Identity management includes both humans and other digital systems interacting with the organisation’s resources. While human interaction is a straight concept to understand, other system interactions could be difficult to contemplate. System interaction may include instances such as third-party apps accessing company resources to provide or facilitate a service. For instance, a third-party system might need access to crucial documents for daily, weekly, or monthly backups. The organisation should consider reviewing the system’s access level and understanding that what they are signing for. It is possible the automated systems include extra activities that are not supposed to be there. It is a recommended practice for an organisation to map the access rights of interactions, whether they’re human or other systems. Some refer to this practice as Interaction modelling. However, understanding interaction modelling could be a daunting and difficult task.