Invalid Signons

Some users may fail in their first couple of attempts to sign on to the system because they have forgotten their password. This is understandable. A large number of invalid sign-on attempts, however, may indicate that someone is trying to "crack" a password or to access an account to which they are not authorized. Regular auditing should monitor the number of invalid sign-on attempts per profile.

The Invalid Sign-On Attempts report shows, for each profile, the number of invalid sign-ons since its last successful sign-on. If security auditing is turned on using the QAUDLVL system value, every invalid attempt to access data, including every failed sign-on attempt, is also recorded in the security audit journal, which keeps the timestamp of each attempt rather than only a running count.
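As an added example (not code from the PowerTech report or product), the two checks below run over a constructed, simplified extract of sign-on events: the first reproduces the report's per-profile count of failures since the last successful sign-on, the second uses the timestamps that only the audit journal provides to flag a burst of failures that the running count alone cannot tell apart from slow typos. The record layout and the `PW`/`OK` markers are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real journal data. Assumed layout:
# (timestamp, type, profile, device); "PW" = invalid password, "OK" = success.
SAMPLE_EVENTS = [
    ("2024-03-01 08:00:05", "PW", "JSMITH",  "DEV01"),
    ("2024-03-01 08:00:20", "PW", "JSMITH",  "DEV01"),
    ("2024-03-01 08:01:02", "OK", "JSMITH",  "DEV01"),  # forgot, then got it right
    ("2024-03-01 09:10:00", "PW", "QSECOFR", "DEV77"),
    ("2024-03-01 09:10:04", "PW", "QSECOFR", "DEV77"),
    ("2024-03-01 09:10:09", "PW", "QSECOFR", "DEV77"),
    ("2024-03-01 09:10:15", "PW", "QSECOFR", "DEV77"),
    ("2024-03-01 09:10:21", "PW", "QSECOFR", "DEV77"),
    ("2024-03-01 14:00:00", "PW", "ABROWN",  "DEV02"),
    ("2024-03-02 08:30:00", "PW", "ABROWN",  "DEV02"),
]

def parse(events):
    """Convert the timestamp strings and return events in time order."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), typ, prof, dev)
                  for ts, typ, prof, dev in events)

def failures_since_last_success(events):
    """What the report shows: invalid sign-ons per profile since its last good sign-on."""
    counts = defaultdict(int)
    for _, typ, prof, _ in parse(events):
        if typ == "OK":
            counts[prof] = 0          # a successful sign-on resets the counter
        elif typ == "PW":
            counts[prof] += 1
    return dict(counts)

def burst_failures(events, threshold=5, window=timedelta(minutes=10)):
    """Flag profiles with >= threshold invalid attempts inside any `window` span.
    Returns {profile: largest number of failures seen in one window}."""
    per_profile = defaultdict(list)
    for ts, typ, prof, _ in parse(events):
        if typ == "PW":
            per_profile[prof].append(ts)
    flagged = {}
    for prof, times in per_profile.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[prof] = max(flagged.get(prof, 0), end - start + 1)
    return flagged
```

In the sample, ABROWN's two failures a day apart and JSMITH's two typos before a good sign-on are left alone, while QSECOFR's five failures in under half a minute are flagged.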

PowerTech Recommendations

Use the Compliance Monitor 'Invalid Sign-on Attempts' report to monitor all invalid sign-on attempts.

Invalid Sign-On Attempts Report

Expanded excerpt from report

Relevant Standards

COBIT DS5.3 - Identity Management

All users (internal, external and temporary) and their activity on IT systems (business application, system operation, development and maintenance) should be uniquely identifiable. User access rights to systems and data should be in line with defined and documented business needs and job requirements.

COBIT DS5.4 - User Account Management

Ensure that requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges are addressed by user account management. An approval procedure outlining the data or system owner granting the access privileges should be included.

COBIT DS5.5 - Security Testing, Surveillance and Monitoring

Ensure that IT security implementation is tested and monitored proactively. IT security should be reaccredited periodically to ensure the approved security level is maintained. A logging and monitoring function enables the early detection of unusual or abnormal activities that may need to be addressed.

ISO 27002 (17799) 11.2.4 - Review of User Access Rights

Management should review users' access rights at regular intervals using a formal process.