1. Role-based access control: Ensuring that users have access to only the resources and data that are necessary for their role in the organization.
2. User access management: Properly managing user accounts, including creating, updating, and deactivating accounts as needed.
3. Authentication mechanisms: Reviewing the effectiveness of authentication methods used, such as passwords, biometrics, and multi-factor authentication.
4. Authorization policies: Reviewing the rules and policies that govern what actions users can take within the system, and ensuring that they are appropriate and enforced correctly.
5. Access logging and monitoring: Reviewing the logging of user access and activities, and ensuring that appropriate monitoring is in place to detect unauthorized access or suspicious behavior.
6. Physical access controls: Reviewing the physical security measures in place to prevent unauthorized access to facilities and systems.
7. Remote access: Reviewing the security controls in place for remote access, such as VPNs and secure connections, to ensure that they are secure and properly configured.
8. Privileged access: Reviewing how privileged accounts are managed and monitored, to prevent misuse or unauthorized access to critical systems and data.
9. Third-party access: Reviewing the access controls in place for third-party vendors and contractors who have access to systems or data, to ensure that they are properly managed and monitored.
10. Data access controls: Reviewing the access controls in place for sensitive data, including encryption, data masking, and access restrictions, to prevent unauthorized access or data breaches.
LIST TYPICAL ACCESS CONTROL PRACTICES ADDRESSED IN A SECURITY REVIEW