A conversation on Radio 4 the other day discussing the recent data protection (or should that be data loss) stories reminded me of the most important and fundamental principle of information security: controlling who has access to your data. This is simply done by ensuring that every computer user in your organisation has their own unique identity. Users have their own log-on name and password, and this gives them access to the data their role entitles them to access, and only that data. In practice this simple principle can fail badly for three reasons:
1) Users "help each other out" by sharing user names and passwords. This often happens when users go on holiday or are away and make their own arrangements for cover.
2) Poor or inefficient backend administration means that users don't have access to the resources they legitimately need in a timely manner, so staff work around the issues.
3) Poor or inefficient backend administration that fails to properly associate data with roles and so inadvertently allows access to people who shouldn't have access.
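As an added illustration (not part of the original post), the following Python sketch models the principle above: each person has one identity, roles map to the data they may reach, and an audit helper shows who can currently reach a given resource (point 3). It also runs a simple defender-side check over a few constructed login records for the first failure mode, one account active from two different hosts at the same time, which is a common sign that a password has been shared. All names, roles, resources and log lines are constructed for the example.

```python
"""Unique identities, role-to-resource mapping and a shared-credential check.
Added example; all data below is constructed, not taken from a real system."""
from dataclasses import dataclass
from datetime import datetime

# Role -> resources that role may read (constructed sample mapping).
ROLE_RESOURCES = {
    "finance": {"payroll", "invoices"},
    "hr": {"personnel_files"},
    "helpdesk": {"ticket_queue"},
}

# One identity per person, each with their own roles; no shared accounts.
USER_ROLES = {
    "alice": {"finance"},
    "bob": {"hr"},
    "carol": {"helpdesk"},
}


def can_access(user: str, resource: str) -> bool:
    """A user may read a resource only if one of their roles grants it.
    Unknown users and unknown roles grant nothing (default deny)."""
    return any(resource in ROLE_RESOURCES.get(role, set())
               for role in USER_ROLES.get(user, set()))


def users_with_access(resource: str) -> set:
    """Audit helper for point 3: who can currently reach this resource?
    Reviewing this list per resource catches data wrongly tied to a role."""
    return {user for user in USER_ROLES if can_access(user, resource)}


@dataclass
class Session:
    user: str
    host: str
    start: datetime
    end: datetime


def parse_session(line: str) -> Session:
    """Parse one constructed log line: '<user> <host> <start> <end>',
    with timestamps in ISO 8601."""
    user, host, start, end = line.split()
    return Session(user, host,
                   datetime.fromisoformat(start),
                   datetime.fromisoformat(end))


# Constructed login records: alice's account is active on two hosts at once.
SAMPLE_LOG = """\
alice host-a 2024-03-01T09:00:00 2024-03-01T12:00:00
alice host-b 2024-03-01T10:30:00 2024-03-01T11:00:00
bob host-c 2024-03-01T08:00:00 2024-03-01T09:00:00
bob host-c 2024-03-01T09:30:00 2024-03-01T17:00:00
carol host-d 2024-03-01T09:00:00 2024-03-01T17:00:00
"""


def shared_credential_candidates(lines) -> set:
    """Point 1 check: return (user, host_a, host_b) triples where the same
    account has overlapping sessions on two different hosts."""
    sessions = [parse_session(line) for line in lines if line.strip()]
    flagged = set()
    for i, a in enumerate(sessions):
        for b in sessions[i + 1:]:
            same_user = a.user == b.user
            different_host = a.host != b.host
            overlap = a.start < b.end and b.start < a.end
            if same_user and different_host and overlap:
                flagged.add((a.user, a.host, b.host))
    return flagged


if __name__ == "__main__":
    print("alice -> payroll:", can_access("alice", "payroll"))
    print("alice -> personnel_files:", can_access("alice", "personnel_files"))
    print("who can read payroll:", users_with_access("payroll"))
    print("possible shared accounts:",
          shared_credential_candidates(SAMPLE_LOG.splitlines()))
```

The overlap check is a lead, not proof: one person legitimately logged in from a desktop and a laptop produces the same pattern, so flagged accounts are reviewed rather than locked automatically. The audit helper is the cheap part of the fix for point 3: listing who can reach each sensitive resource on a schedule surfaces role mappings that have drifted.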
There are technical solutions, such as tokens or biometrics, that allow greater security than can be afforded by a simple user name and password, but these are no defence unless the above points are dealt with. Good IT management requires proper and timely administration of user identities, with access to resources granted according to role, and proper computer use policies and training to ensure that systems are used as intended.