IS Decisions logo

A failure to enforce unique employee logins for ISO 27001 compliance

A key element of ISO 27001 compliance is unique employee logins. The legal and law enforcement sector risks compliance and security issues by failing to provide and enforce unique employee logins.

Published January 13, 2016
A failure to enforce unique employee logins for ISO 27001 compliance

The legal and law enforcement sector risks compliance and security issues by failing to provide and enforce unique employee logins.

Our report, Legal and Law Enforcement: Information Access Compliance, found that despite requirements by global regulatory standard ISO 27001, 31% of employees in the U.S. and U.K. legal and law enforcement sectors do not have a unique user login for their employer’s network and 24% do not require a login for access at all.

What's more, only 33% of workers are prevented from concurrent logins on multiple machines, which not only puts information at risk but also narrows the options for investigation should something go wrong.

IS0 27001 and users network access

Pertinent information such as case files, identity profiles and confidential statements can potentially and unknowingly become compromised if there isn’t strong network access controls and monitoring in place. Naturally in order to best manage access to each individual user’s requirement, you need to be able to identify individual users, for which unique logins are an absolute must.

Not only does unique user identification allow you to restrict network and data access on a "need to know" basis, it is also essential in tracking and monitoring. If a breach does occur, you cannot detect how it occurred without being able to identify individuals and their network access activity.

Read more about how to mitigate the risk of network access security breaches for compliance standards such as ISO 27001, FISMA, DPA, and Lexcel compliance.

Go beyond IS0 27001 compliance

The research results revealed in this report show that legal firms and law enforcement agencies across the U.K. and the U.S. have significant areas for improvement. Our guide goes into more detail on how to comply to IS0 27001 and other regulations (FISMA, DPA, and Lexcel) around user access security.

However it is important to note that meeting a set standard does not mean "job done." Although the IS0 27001 standard offers a lot of good guidance, there is always more that can be achieved. Security is not black or white, it is a process of mitigating risk to the most achievable degree, and often ISO 27001 compliance is the minimum requirement, not the end goal.

XFacebookLinkedIn
Chris BunnDirecteur Général

Try UserLock for free

3400+ organizations like yours choose UserLock to secure access for Active Directory identities and meet compliance requirements.

Download a free trial