Your network security and risk management strategies have to account for a complex and constantly changing IT environment. Understanding the key identity and access metrics helps you incorporate effective identity access management throughout your organization. These metrics provide valuable insight into the devices connecting to the network, the amount of inactive user accounts, which users have high-level privileges, the frequency of password changes, and whether there are issues with account access.
1. Number of Devices Actually Connected to the Network
It's common for many workplaces to have bring your own device (BOYD) policies, or to have employees who choose to use personal devices with or without a BYOD policy. You need to know how many devices are actually connected to the network, as opposed to the company-approved number of devices. These figures don't always match up, and effective identity access management requires working from a complete set of network information. If you're trying to avoid a BYOD network due to the potential risk, this also reveals whether you need to put measures in place to cut down on unauthorized device access.
2. Administrator Privilege Metrics
Do too many people have access to account privileges they don't really need? Sometimes risk comes from users who have too many privileges, especially if these privileges aren't being tracked. This type of risk can also extend to vendor risk management, if third-party vendors need access to specific network privileges, so take this into account during risk assessment. Track privileged accounts and the amount of active accounts to mitigate the potential for insider threats. Pay attention to whether these accounts use the privileges given, as you may be better off with more user account levels with fewer permissions.
3. Frequency of Password Changes
Frequent password changes help you minimize potential account compromises occurring from data breaches. Track how often password changes occur within your organization, and consider implementing policies that increase the frequency of these changes. This type of policy meshes well with password-creation guidelines or requirements, such as a specific number of special characters in the passwords.
4. Number of Abandoned Accounts
Accounts associated with employees no longer with the organization, as well as temporary access accounts created for vendors and other third-parties, are vectors for potential unauthorized access. Track how many abandoned accounts exist on the network, and keep this number at a minimum.
5. Number of Invalid Login Attempts and Account Lockouts
Watch for invalid login attempts and account lockout numbers. This metric indicates one of two possibilities: either users need better training on account access and password management, or a possible hack attack is occurring.
Need professional risk management consulting to track network identity and access metrics? Contact Garland Heart to get the help you need to improve your risk management.