© SidorArt/Shutterstock.
CHAPTER 8
Compliance Within the User Domain
THE MORE USERS ON a system, the more valuable the services become. This telecommunication concept is called Metcalfe’s law. If there were only two telephones on the system, the value of the network would be very limited. At any given time only two people could talk. But add millions of phones, and suddenly the value of the system increases exponentially. This exponential factor is also true when it comes to information security risks. As the number of people accessing your network increases so does the number of risks. As the population of users on your network rises so does the need to access information and the complexity of the security that must be provided. Inevitably, this complexity of information security controls leads to gaps in the protection of the information through the intentional and unintentional actions of users.
Effective audits can identify these gaps and noncompliance controls. In this chapter, we will examine different types and elements to be included in a User Domain audit. We will discuss user access needs and how those needs lead to risks that must be controlled and audited.