RSM427H1 Lecture Notes - Lecture 10: Access Control List, Abn Amro, Acceptance Testing

Policies and procedures have been developed for logical access controls and baseline security standards. Access reviews are performed periodically to confirm they are still as granted and that they correspond to the user"s a(cid:374)d the orga(cid:374)izatio(cid:374)"s (cid:374)eeds. User accounts of individuals who have left the company are removed and/or disabled in a timely manner. All systems require authentication and have controls over user accounts and passwords. Passwords are in line with the group policy consisting of: Initial passwords assigned to new users are set to expire on first login. The minimum length for user passwords is at least six (6) characters and is configured in the system accordingly. A combination of letters (lower and uppercase) and digits is required and is this configured in the system accordingly. The number of failed login attempts before system lockout is three. For the activity that are deviated from the policy but still processed are approved by management.