Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Implementing segregation of duties in an account management proce

from [jblackley] Network Security [Permanent Link]
Subject: Re: Implementing segregation of duties in an account management process
Date: 28 Jun 2005 14:57:11 -0000 
Andy,
I have implemented separation of duties through access control before - some 
time ago. I'll give you the 'cleaned-up' version of events (as I'm sure you're 
aware, nothing runs smoothly in such projects.)

First of all, we took a stance that it was the owners of data who have 
responsibility to define who should access their data. That meant providing, in 
the first instance, data owners with meaningful reports on who can access their 
data. In the second instance, we required data owners to respon to the reports 
by indicating which access was and was not appropriate. 

That response led us to changing quite a number of permissions - as you'll 
guess, that resulted in a lot of noise. In changing the permissions, we began 
to define a tighter role-based approach to granting permissions in the future.

That done (and it did take a significant amount of time) we then committed to 
regular review, by data owners, of access. However, due to the impact of the 
first exercise, we also were approached by managers to provide the 'other' 
reports - in other words, the hybrid approach you spoke of where we were 
providing two views of access (one by data for the owners and one by role for 
the managers). As I said though, this second view was requested as a result of 
the work we'd done with the first.

Hope this helps. Contact me directly if I can supply any more info.

John
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Implementing segregation of duties in an account management process, jblackley <=
Previous by Date:  RE: Implementing segregation of duties in an account management process, Jose Varghese
Next by Date:  Firewall Audit Policies/Procedures, Joshua Berry
Previous by Thread:  Re: Implementing segregation of duties in an account management process, Руслан Нестеров
Next by Thread:  Firewall Audit Policies/Procedures, Joshua Berry
Indexes:  [Date] [Thread] [Top] [All Lists]