ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 24
CONTROL 05
05 - Account Management
Safeguards Total: 6
IG1: 4/6
IG2: 6/6
IG3: 6/6
Use processes and tools to assign and manage authorisation to credentials
for user accounts, including administrator accounts, as well as service
accounts, to enterprise assets and software.
THE SAFEGUARDS
Safeguard | Asset Type | Security Function
5.1 Establish and Maintain an Inventory of Accounts | Users | Identify
5.2 Use Unique Passwords | Users | Protect
5.3 Disable Dormant Accounts | Users | Respond
5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts | Users | Protect
5.5 Establish and Maintain an Inventory of Service Accounts | Users | Identify
5.6 Centralise Account Management | Users | Protect
Why Is This CIS Control Critical?
It is easier for an external or internal
threat actor to gain unauthorised access
to enterprise assets or data through
using valid user credentials than through
“hacking” the environment. There are
many ways to covertly obtain access to
user accounts, including: weak passwords,
accounts still valid after a user leaves
the enterprise, dormant or lingering test
accounts, shared accounts that have not
been changed in months or years, service
accounts embedded in applications for
scripts, a user having the same password
as one they use for an online account
that has been compromised (in a public
password dump), social engineering a user
to give their password, or using malware
to capture passwords or tokens in memory
or over the network.
Administrative, or highly privileged,
accounts are a particular target, because
they allow attackers to add other accounts,
or make changes to assets that could
make them more vulnerable to other
attacks. Service accounts are also sensitive,
as they are often shared among teams,
internal and external to the enterprise, and
sometimes not known about, only to be
revealed in standard account management
audits.
Finally, account logging and monitoring is a
critical component of security operations.
Did You Know?
98% of Microsoft Windows critical vulnerabilities could be mitigated by removing
administrative rights from end-user systems. There are amazing Zero Trust tools available to
help make ongoing management of this much easier.
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3