Risk R-006 - Privilege escalation via Identity Management Platform

| Field | Value |
|---|---|
| Risk ID | R-006 |
| Asset | Identity Management Platform (Platform – Owner: Sec) |
| Scenario | S-005 - Privilege escalation through identity platform |
| Likelihood | 🟧 Possible - weak RBAC or compromised service accounts can enable privilege escalation |
| Impact | 🟥 High - administrator access can lead to full control of user identities and internal platforms |
| Risk Level | 🟥 High |
| Owner | Sec |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |

Associated Controls:
- Enforce strong RBAC policies and limit administrative roles to the minimum set of required accounts.
- Use multi-factor authentication (MFA) for privileged accounts.
- Regularly rotate service account credentials and use short-lived tokens where possible.
- Monitor authentication events and privilege escalations in real time via SIEM.
- Audit identity platform configurations and access logs regularly.

References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.2 Privileged access rights.
- ISO 27001 - Control 8.16 Monitoring activities.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control.
- NIST CSF - DE.CM Continuous Monitoring.
- NIST CSF - ID.AM Asset Management.
- EBIOS RM - Analysis of risks related to identity compromise and privilege escalation.

Response Actions:
- Containment - Disable or suspend compromised accounts immediately.
- Eradication - Revoke all elevated privileges, reset credentials, and patch misconfigurations.
- Recovery - Restore correct role assignments and verify no unauthorized changes persist.
- Post-incident - Conduct root cause analysis, review RBAC policies, and update identity management hardening guidelines.