we will start discuss the security concept one by one. I am discussing the things based on my experience and the knowledge which I gathered from valuable material.
Our First Topic is about privileges in on the corporate environment, as all of us knows humans are the main cause of attacking either they known or the unknowingly they become victims for attack.
What is meant by unknowingly …? here our risk starts.
A study says most of the network are attacked due to the in-proper or poor privilege management from the user level. So how will the privilege have given. Here security study starts.
Labeling: Have to segregate data based on its sensitive and its Business Impact. I am going to label data based on its Sensitive data.
· Confidential – Data if its disclosed outside will cause a serious damage, example let’s say formula for making coke, company sensitive data if it’s disclosed it will lead to serious damage to the organization. Personal Information includes Bank Number data which leads to serious damage will also include confidential.
· Sensitive – Data which will give a negative impact but it will not create a serious damage to the corporate or individual.
· Public – These data are not sensitive, will all come in to this level.
So how the labeling is going to work, based on the Positon the user handling we have to provide privilege to the users. For Example, the account Manager have rights to access only the account related documents like employee salary not the employee attendance or employee leave Access.
Handling of data’s can be managed by providing ownership to the documents and the owner can grand privileges to his employees, Example Account Manager have rights to access all the data’s related to account department. He can grand read /full access to his team member based on the role his team member is handling. like Internal accounts employee can have only rights to access employee salary detail nothing else in the department. Same Accountant who is handling for payment of purchase he have only had rights to access Invoice payment only nothing else in his own department.
Each department will have data owner and the respective privileged employee, in centralized environment the whole data is controlled by data security professional. Privilege revocation will also have done in a fast manner if the employee is shifted to other department.
Will continued on next threat…