Information is a sensitive asset. Ensuring that it is handled securely can be challenging, especially for small and medium-sized companies and institutions. One way to address this issue is access management. How can this be done, and what role does the BSI play in it? We have summarised it for you.
But first: Who or what is the BSI?
BSI is the abbreviation for the Federal Office for Information Security. As the central IT security service provider of the federal government in Germany, it addresses the topic of information security through prevention, detection and reaction. The specifically formulated main tasks of the BSI are to inform, advise, develop and certify.
What does access management mean according to the BSI?
A definition of access management can be found in the IT-Grundschutz Methodology of the BSI:
ORP.4 / 1.1:
Access management is about whether and how users or IT components are allowed to access and use information or services, i.e. to grant or deny them access, entry or access based on the user profile. Access management refers to the processes required to assign, revoke and control access rights.
Access management according to BSI – how to do it correctly?
The BSI specifies several requirements that must be considered in access management:
- User set-ups and deletions must be carried out by a separate administrative unit.
- Access rights must be assigned according to daily needs, and rights that are no longer required must be removed immediately.
- Access authorisations and their changes must be documented.
- The documentation of assigned access rights and roles must be checked regularly to ensure that it is up to date.
- The use of passwords should be standardised and binding within the company, and the same password should not be used for different systems.
- Passwords must be resettable by means of a secure procedure.
To meet these requirements, there are software solutions that support and relieve IT administrators. The manual, operational effort can be reduced significantly and data security can be increased at the same time.
The BAYOOSOFT Access Manager involves the end users and data managers in the access management process. Access rights requests are processed directly at the relevant points. This not only saves time and money, but is also essential for audit-proof documentation of all authorisations.
Forgotten passwords can be easily reset using various authentication procedures, so that the employee can get back to work as quickly as possible.