Management Reviews

Updated Jan 30, 2024

Key Responsibilities of Management

IT and security managers ensure operational security controls are followed, verifying both team and employee compliance with policies to minimize risks.

  • Double-check work for accuracy and completeness.
  • Minimize fraud by fostering a culture of oversight.

Focus on Privileged Users

Privileged users, like system engineers, can override security controls, making it crucial to monitor their actions to prevent misuse.

  • Monitor actions to ensure compliance with security policies.
  • Document and authorize any policy exceptions at a senior level.

Management Review of Privileged Actions

Managers regularly review privileged user activities to ensure compliance, often using logs to verify that actions are authorized and properly executed.

  • Review action logs regularly.
  • Verify actions either through complete checks or random sampling.

Account Management Reviews

Regular reviews of user accounts ensure that access permissions align with responsibilities and that all changes are authorized.

  • Ensure active users have the right permissions for their roles.
  • Document and approve account changes like privilege escalations or revocations.

For more information, please see Account Management Tasks.