A.9.4.4 Use of Privileged Utility Programs
Audit Question: Have you documented how your organization restricts and monitors the use of utilities on systems that may be able to bypass system and application protection measures?
Can you please explain this point? Does it mean that the organization needs to keep a check on the limited number of privileged rights?
Hi Rhand, how do we restrict and monitor users from downloading or installing applications that aren't approved? We can provide users the list of applications and inform only new applications can be approved by the CTO prior to downloading.
Some solutions to restrict software download or installation you can apply are:
Configure workstations so users do not have access rights to install software
Configure firewall rules so specific files (e.g., the name of the file related to the non-allowed application), or specific types of files (e.g., executable files, zip files, etc.), cannot be downloaded
Some solutions to monitor such activities are to configure logging on both the workstation and the firewall and to periodically review such logs to identify policy breaches.
Of course, each solution has its pros and cons, in terms of cost and effort, so you need to evaluate which solutions would be best for your organization.
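The periodic log review mentioned in the answer above can be scripted. The following is an added example, not part of the original thread; the CSV log formats, host names, product names, URLs and the approved-application list are constructed assumptions, not any vendor's format.

```python
import csv
import io
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed policy: approved applications and file types the firewall blocks.
APPROVED_APPS = {"7-zip", "libreoffice", "mozilla firefox"}
BLOCKED_EXTENSIONS = {".exe", ".msi", ".zip"}

# Constructed sample logs (format is an assumption, not a vendor format).
WORKSTATION_LOG = """timestamp,host,user,event,product
2024-05-02T09:14:03,ws-014,alice,install,7-Zip
2024-05-02T11:40:21,ws-022,bob,install,RemoteDesk Free
2024-05-03T08:02:55,ws-014,alice,uninstall,Old Toolbar
"""
FIREWALL_LOG = """timestamp,src_host,action,url
2024-05-02T11:38:10,ws-022,allow,http://downloads.example.test/remotedesk-setup.EXE?src=ad
2024-05-02T12:01:44,ws-031,deny,http://files.example.test/tool.zip
2024-05-02T12:05:09,ws-031,allow,http://docs.example.test/manual.pdf
"""

def unapproved_installs(log_text, approved=APPROVED_APPS):
    """Return install events whose product is not on the approved list."""
    rows = csv.DictReader(io.StringIO(log_text))
    return [r for r in rows
            if r["event"] == "install"
            and r["product"].strip().lower() not in approved]

def leaked_downloads(log_text, blocked=BLOCKED_EXTENSIONS):
    """Return downloads of blocked file types that the firewall allowed."""
    findings = []
    for r in csv.DictReader(io.StringIO(log_text)):
        # Check the URL path only, so a query string cannot hide the extension.
        ext = PurePosixPath(urlparse(r["url"]).path).suffix.lower()
        if r["action"] == "allow" and ext in blocked:
            findings.append(r)
    return findings

def review(workstation_log, firewall_log):
    """Combine both sources into time-ordered (host, time, reason) findings."""
    findings = [(r["host"], r["timestamp"], f"unapproved install: {r['product']}")
                for r in unapproved_installs(workstation_log)]
    findings += [(r["src_host"], r["timestamp"], f"blocked file type allowed: {r['url']}")
                 for r in leaked_downloads(firewall_log)]
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for host, ts, reason in review(WORKSTATION_LOG, FIREWALL_LOG):
        print(ts, host, reason)
```

Correlating both sources by host shows when a download that slipped past the firewall rule was followed by an install on the same workstation, which points to a gap in both the firewall rule and the workstation's install restrictions.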