You've got to design this yourself. Each organization is going to have its own data structure, which typically mirrors their organizational structure. (i.e., accounting, management, payroll, human resources, etc.)
Your first step is to classify the information by function. What is the information for?
Your second step is to design access related to function. (i.e., the accounting group has access to accounting data, payroll personnel have access to payroll, etc.). Access policy should mirror your plans for acceptable use (a manager may be able to view accounting information, but not modify it, for example; or sales staff may be able to view sales data, but only the sales manager can modify it, etc.)
The third step is to create a written "acceptable use" policy for those who have been granted access. This is a legal document, and should be signed by all employees. In effect, they should agree that, in return for being given access to data, they are to use it only in accordance with company guidelines. (Someone in payroll can use the data to figure paychecks, but not to gossip about how much anyone is earning; managers can use data to perform their jobs, but not disseminate it to competitors, etc.).
On critical data files, access logging should be enabled and monitored to ensure policies are being followed.
2007-03-12 07:48:23 · answer #1 · answered by antirion 5 · 0⤊ 0⤋
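The access design and log monitoring described in the answer above, as an added example that is not part of the original answer: a deny-by-default access matrix built from the answer's own view/modify cases, checked against an access log. The role names, data-class names, log format and sample entries are all assumptions constructed for illustration.

```python
# Access matrix mirroring the answer's examples; role and data-class names are assumptions.
POLICY = {
    "accounting":    {"accounting": {"view", "modify"}},
    "payroll":       {"payroll": {"view", "modify"}},
    "manager":       {"accounting": {"view"}},          # may view, not modify
    "sales_staff":   {"sales": {"view"}},
    "sales_manager": {"sales": {"view", "modify"}},     # only role that may modify sales
}

# Data classes treated as critical, so violations on them rank higher in review.
CRITICAL = {"payroll", "accounting"}

# Constructed sample log: timestamp, user, role, action, data class.
SAMPLE_LOG = """\
2007-03-12T07:40:01 alice accounting modify accounting
2007-03-12T07:41:15 bob manager view accounting
2007-03-12T07:42:30 bob manager modify accounting
2007-03-12T07:43:02 carol sales_staff modify sales
2007-03-12T07:44:10 dave sales_manager modify sales
2007-03-12T07:45:55 erin sales_staff view payroll
2007-03-12T07:46:20 frank intern view sales
"""

def is_allowed(role, action, data_class):
    """Deny by default: unknown roles, data classes or actions get no access."""
    return action in POLICY.get(role, {}).get(data_class, set())

def audit(log_text):
    """Return (severity, line) for every logged access that falls outside policy."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            # A line that cannot be parsed is reported rather than silently skipped.
            findings.append(("malformed", line))
            continue
        _ts, _user, role, action, data_class = fields
        if not is_allowed(role, action, data_class):
            severity = "critical" if data_class in CRITICAL else "warning"
            findings.append((severity, line))
    return findings

if __name__ == "__main__":
    for severity, line in audit(SAMPLE_LOG):
        print(f"{severity.upper():9} {line}")
```
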