Skip to content

MgnCoding2020/IAM-Access-Review-Lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
docs
docs
 
 
evidence
evidence
 
 
findings
findings
 
 
procedure
procedure
 
 
remediation
remediation
 
 
review-summary
review-summary
 
 
README.md
README.md
 
 

Repository files navigation

IAM Access Review Lab

Purpose

This repository will demonstrate a simulated quarterly access review process for a small-business environment.

The goal of this lab is to show how Identity and Access Management (IAM) governance activities are performed, documented, and tracked by a security or GRC analyst.

Organization Scenario

This lab uses a fictional company:

Burn and Churn Coffee

Company size:

  • 1 Business Owner
  • 1 Store Manager
  • 3 Shift Leaders
  • 14 Employees
  • 2 IT Vendors

Systems reviewed during access certification include:

  • Google Workspace
  • Toast POS
  • xtraCHEF inventory platform
  • QuickBooks Online
  • Store networking infrastructure

Repository Contents

This repository demonstrates the operational side of IAM governance, including:

  • Quarterly Access Review Procedure
  • Access Review Evidence Collection
  • Access Findings Documentation
  • Remediation Tracking
  • Access Review Summary

IAM Governance Workflow

flowchart TD

A[Access Control Policy] --> B[Access Review Procedure]

B --> C[Quarterly Access Review]

C --> D[Evidence Collection]
D --> E[VM Local Access Validation]

E --> F[Access Review Findings]

F --> G[Remediation Tracking]

G --> H[Security Control Improvements]

H --> I[Updated Password Policy Configuration]
Loading

Goal

This project demonstrates how a junior GRC or security analyst may perform and document an access certification review to validate:

  • Least privilege access
  • Removal of inactive accounts
  • Proper assignment of administrative privileges
  • Access alignment with job roles

Current Repository Artifacts

This repository currently includes:

  • Quarterly Access Review Procedure
  • Access Review Evidence
  • Access Review Findings
  • Remediation Tracker
  • Quarterly Review Summary

Project Focus

This lab demonstrates how a junior GRC, IAM, or security analyst may document and execute a quarterly access certification review for a small business environment.

About

Demonstrates an Identity & Access Management (IAM) governance workflow including access review procedures, evidence collection, findings, remediation tracking, and password policy hardening using a Windows lab environment.

Topics

iam cybersecurity grc identity-access-management access-review

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors