Confirming a User’s Identity

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

It is critical that Help Desk Administrators verify the end user’s identity before performing any Help Desk operations on the user’s behalf. Recommended actions include:

  • Call the end user back on a phone owned by the organization and on a number that is already stored in the system.
    Note: Be wary of using mobile phones for identity confirmation, even if they are owned by the company, as mobile phone numbers are often stored in locations that are vulnerable to tampering or social engineering.

  • Send the user an e-mail to a company e-mail address. If possible, use encrypted e-mail.
  • Work with the employee’s manager to verify the user’s identity.
  • Verify the identity in person.
  • Use multiple open-ended questions from employee records (for example: Name one person in your group; What is your badge number?). Avoid yes/no questions.

 

 

