These are general guidelines that should be adapted to your internal security processes for managing your sensitive data. These rules are not meant to be all-encompassing, but can be used as a starting point for a comprehensive internal application usage policy.
Olafe has security experts on staff that can provide guidance or participate in your policy review process. Please contact us with your specific concerns.
Configuration
- Authentication
  - Every user must have their own account
  - Functional accounts should be known, but never used, by staff
  - Only key IT/management staff must know the administrative accounts
- Authorization
  - User accounts should only be granted access to the data and functions needed to perform their required job function
  - If necessary, there should be tiers of access
- Accounting
  - Full logging should be enabled for all types of functions that are deemed critical to the security of the data
  - No one should have access to the logs
  - The logs should be transferred to another system, and reviewed there
- Formalization
  - All of the internal processes and procedures have to be documented and communicated
  - The documented processes should be periodically reviewed to make sure they comply with changing laws or different technologies
- Review
  - Key transactions should be reviewed by staff other than the ones who performed the transaction
  - Periodic reviews should be performed to see if users' authorized rights are still required for their current job function