How best to control user access to data
It is questionable whether many public sector bodies are able to easily demonstrate that only the appropriate people are accessing the data they need to perform their jobs (Data protection must be global, 18 February). Policy enforcement, activity monitoring and forensic analysis must surely form a part of any organisation’s assurance that the proper controls are in place. Paper-based systems, vague trust status and correction of incidents after the event are unacceptable.
The first steps must be to define a top-down business model for complying with internal policies governing users and their access privileges. Only then can risk points be identified and an approach formulated to resolve the primary issues of who is accessing what data and whether access is appropriate for the task they are undertaking.
Mike Nelsey, Enline
March 4, 2008 in Security



