8.2 Privileged Access Rights

Control

The allocation and use of privileged access rights should be restricted and managed.

Purpose

In information security, privileged access rights refer to the authorization and permissions that allow certain users or systems to perform certain actions or access certain information on a network or system.

Implementation Guidance

These privileged users or systems have more access and control than regular users, and as such, their actions and access must be closely monitored and controlled to minimize the risk of unauthorised access or misuse. Examples of privileged access rights include:

  • Administrator accounts on a computer or network.
  • Root access on a UNIX or Linux system, Windows, and cloud platforms.
  • Access to sensitive data such as financial information or personal information.
  • The ability to install software, make configuration changes, or access sensitive system files.
    • It is important to limit the number of individuals who have privileged access rights and to regularly review and revoke access as needed. Additionally, it is important to implement strong authentication and access controls to ensure that only authorised individuals can access privileged resources and that all privileged access attempts are logged and audited.Implementing privileged access management (PAM) solutions is also a good practice to monitor and control privileged access, it includes features such as multi-factor authentication, real-time monitoring, session management, and automated access provisioning.

ISO 27001

Find out more about our ISO 27001 Consultancy Services
ISO 27001 Consultancy
< Back to Controls
ISO 27001:2022

Technological Controls

AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!

Got a question or need help? Don't hesitate to reach out to our team.

Need help with an ISO?

By filling out this form, you agree to the terms laid out in our privacy policy
Thanks, We'll reply asap
Request Failed to send, please check fields

27002:2022 Related Controls

CLick to view control
8.1 User Endpoint Devices
8.2 Privileged Access Rights
8.3 Information Access Restriction
8.4 Access to Source Code
8.5 Secure Authentication
8.6 Capacity Management
8.7 Protection Against Malware
8.8 Management of Technical Vulnerabilities
8.9 Configuration Management
8.10 Information Deletion
8.11 Data Masking
8.12 Data Leakage Prevention
8.13 Information Backup
8.14 Redundancy of Information Processing Facilities
8.15 Logging
8.16 Monitoring Activities
8.17-Clock-Synchronisation
8.18 Use of Privileged Utility Programs
8.19 Installation of Software on Operational Systems
8.20 Networks Security
8.21 Security of Network Services
8.22 Segregation of Networks
8.23 Web Filtering
8.24 Use of Cryptography
8.25 Secure Development Life Cycle
8.26 Application Security Requirements
8.27 Secure System Architecture and Engineering Principles
8.28 Secure Coding
8.29 Security Testing in Development and Acceptance
8.30 Outsourced Development
8.31 Separation of Development, Test and Production Environments
8.32 Change Management
8.33 Test Information
8.34 Protection of Information Systems During Audit Testing
ask a question

If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk

By filling out this form, you agree to the terms laid out in our privacy policy
Thank you!
Your submission has been received, one of our team members will be in touch soon.
Oops! Something went wrong while submitting the form.
ISO consultants kent
By clicking “Continue To Site”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Continue To Site