Identity Protection - Risky users

Identity Protection - Risky users

anDREa monitors and evaluates for "Users at Risk" warnings.

User at risk detected
We detected a new user with at least high risk in your andreanl directory. This might be because we noticed suspicious account activity or we found their emails and passwords posted in a public location.

The course of action can differ, but can result in:
  1. Disable/block user(s)
  2. Revoke all active sessions of the user(s)
  3. Force to reset password of the user(s)
  4. Inform the involved user(s)
  5. Inform the relevant Support Team(s)
  6. Inform the involved Workspace Accountable(s)
  7. Inform the relevant (CI)SO(s)
The process that always is applicable: A.16.1.5 Response to information security incidents

How we know who might be at risk

Some people in at anDREa get an email, will examine the report and appropiate action is discussed.

Email



Example of such a report




    • Related Articles

    • 20210224 Pentest 2021-Q1 Report & 20210301 White Box Security Audit 2021-Q1 Report

      In accordance with our Pentest Program, anDREa engaged nSEC/Resilience for the anDREa White Box Security and the Pentesting 2021-Q1. The core questions being: Can non-authorized people or services access Workspaces or affect anDREa’s core services? ...

    • 20220713 Report Azure White Box Security Audit

      Version: 2022-07-14 Introduction anDREa has a Pentest Program program as part of the commitment to protect the security of its business information. At least once a year we request an external party to do the pentest and a white box security audit. ...

    • 20220607 Security Management Report

      As part of anDREa's commitment to maintaining an Information Security Management System (ISMS) based on ISO 27001 please feel free to download and read the attached anDRE's 20220607 Security Management Report.

    • 20230503 - Security Management Report

      anDREa's Security Officer annually provides the management board with the Security Management Report. An annual security management report is a key part of this auditing process. The report provides a summary of the organization's ISMS activities, ...

    • Data Protection Impact Assessment (DPIA)

      First version: 2021-05-13 Last updated: 2024-03-07 Last change: Added link to NEN-7510 article. Introduction anDREa is committed to the GDPR. The purpose of this document is to describe anDREa’s Data Protection Impact Assessment (DPIA). The template ...