Skip to main content

Scenario S-005 - Privilege escalation through identity platform

Element	Description
Scenario ID	S-005
Target asset	Identity Management Platform responsible for authentication and authorization services
Threat source	External attacker or malicious insider
Attack vector	Weak role-based access control configuration or compromise of privileged service accounts
Potential impact	Privilege escalation allowing administrative control over identity services and associated platforms
Likelihood	🟨 Medium - identity systems are high-value targets and RBAC misconfigurations are a common weakness
Impact rating	🟥 High - administrative access to identity services can lead to compromise of multiple platforms and accounts
Risk rating	🟥 High

Mitigation:

Implement strict role-based access control with clearly defined privilege boundaries.
Enforce multi-factor authentication for administrative and service accounts.
Limit permissions assigned to service accounts following least privilege principles.
Regularly review identity roles, permissions, and account activity.
Monitor authentication and authorization events through centralized logging and SIEM.

Owners:

Ops - identity infrastructure maintenance and configuration.
Sec - access control policies, monitoring, and auditing.

References:

ISO 27001 - Control 8.2 Privileged access rights.
ISO 27001 - Control 8.3 Information access restriction.
NIST CSF - PR.AC Access Control.
NIST CSF - PR.PT Protective Technology.
EBIOS RM - Threat scenarios involving privilege escalation via identity or access management systems.

Response actions:

Containment - Immediately disable compromised accounts and restrict administrative access.
Eradication - Reset affected credentials, review RBAC configurations, and remove unauthorized privileges.
Recovery - Restore correct identity policies and verify integrity of authentication services.
Post-incident - Conduct access review, strengthen RBAC controls, and update monitoring rules.