T 3.16 Incorrect administration of site and data access rights

Access rights to an IT system, and access rights to stored data and IT applications, must only be granted in the scope required for performing the corresponding tasks. If these rights are administered incorrectly, the result can be disruptions to operations (when rights that are needed are not granted) or security gaps (when the rights granted are broader than the rights actually needed).

Example:

Due to incorrect administration of the access rights, an employee is given the ability to access the log data. By deleting specific entries in a targeted manner, the employee can conceal his attempts to manipulate the computer, because they no longer appear in the log file.
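The threat above has two failure modes, rights that are missing (operational disruption) and rights that are excessive (security gap), and the example singles out write or delete access to log data as the most damaging kind of excess. The following script is an added illustration, not part of the IT-Grundschutz catalogue, of the check an administrator can run periodically to catch both: it reconciles the rights actually granted to each user against the rights required by that user's roles. The role names, right names, user accounts and assignments are constructed for the example and carry no meaning beyond it.

```python
from dataclasses import dataclass

# Constructed role model: the rights each role needs to perform its tasks
# (the "scope required"). Role and right names are hypothetical.
REQUIRED_RIGHTS = {
    "developer": {"app:deploy-test", "db:read-test"},
    "operator": {"app:restart", "log:read"},
    "auditor": {"log:read"},
}

# Rights whose excess assignment lets a user alter evidence. Flagged
# separately because the threat text singles out deletion of log entries.
HIGH_RISK_RIGHTS = {"log:write", "log:delete"}


@dataclass
class Finding:
    user: str
    kind: str              # "excess" = security gap, "missing" = disruption
    rights: frozenset      # the rights that differ from the required scope
    high_risk: bool = False


def required_for(roles):
    """Union of the rights required by a set of roles."""
    unknown = set(roles) - REQUIRED_RIGHTS.keys()
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")
    return set().union(*(REQUIRED_RIGHTS[r] for r in roles))


def reconcile(granted_rights, user_roles):
    """Compare granted rights with the rights each user's roles require.

    granted_rights: {user: set of rights currently assigned}
    user_roles:     {user: set of roles the user holds}
    Returns a list of Finding objects, one per user and deviation kind,
    ordered by user name. Users with no deviation produce no finding.
    """
    findings = []
    for user in sorted(set(granted_rights) | set(user_roles)):
        granted = set(granted_rights.get(user, ()))
        required = required_for(user_roles.get(user, set()))
        excess = granted - required
        missing = required - granted
        if excess:
            findings.append(Finding(user, "excess", frozenset(excess),
                                    bool(excess & HIGH_RISK_RIGHTS)))
        if missing:
            findings.append(Finding(user, "missing", frozenset(missing)))
    return findings


def report(findings):
    """Human-readable summary, high-risk excess rights listed first."""
    lines = []
    for f in sorted(findings, key=lambda f: (not f.high_risk, f.user, f.kind)):
        tag = "HIGH RISK " if f.high_risk else ""
        lines.append(f"{tag}{f.kind:<7} {f.user}: {', '.join(sorted(f.rights))}")
    return "\n".join(lines) if lines else "no deviations from required scope"


# Constructed sample state of the rights administration:
#  - alice is a developer who was also handed log:delete (the threat scenario)
#  - bob is an operator who never received log:read (operational disruption)
#  - carol is an auditor whose rights match her role exactly
GRANTED = {
    "alice": {"app:deploy-test", "db:read-test", "log:delete"},
    "bob": {"app:restart"},
    "carol": {"log:read"},
}
USER_ROLES = {
    "alice": {"developer"},
    "bob": {"operator"},
    "carol": {"auditor"},
}

if __name__ == "__main__":
    print(report(reconcile(GRANTED, USER_ROLES)))
```

Run against the sample state, the script reports alice's `log:delete` as a high-risk excess right and bob's missing `log:read` as an operational gap, while carol produces no finding. In practice the two input dictionaries would be exported from the directory service or application's own rights store; the value of the check lies in keeping the required-rights model separate from the granted-rights data, so that the comparison is against the documented need rather than against what happens to be configured.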