Security Basics mailing list archives
Re: data level entitlements
From: Vic Vandal <vvandal () well com>
Date: Thu, 28 Jun 2012 15:08:40 -0700 (PDT)
Your question is a bit vague. My interpretation of that term would be that you want to know about recording and tracking access approvals at the data level. For example, an auditor asks to show evidence that access to a certain set of sensitive data was duly authorized, and that the data access is restricted to only those who have the documented authorization. Who is entitled to access the data, who granted them that entitlement, when was it granted, is the access still valid, etc. If that's what you mean, are you asking about references/links to commercial or open source apps to provide that sort of authorization tracking and reporting? Most standard helpdesk ticketing systems can provide that view. Someone requests access to some specific sensitive data, someone approves the access, and someone grants the access. All of that information should be in the ticketing system, and then be available for reporting purposes as needed. If you need recurring (monthly/quarterly/annually) authorizations, there are some applications that can provide that sort of tracking and approval management. I can't recommend any specific ones because I haven't used them personally. We use a home-grown system for that purpose where I work. -Vic ----- Original Message ----- From: "Thugzclub" <thugzclub () googlemail com> To: listbounce () securityfocus com, security-basics () securityfocus com, pen-test () securityfocus com Sent: Thursday, June 28, 2012 3:07:12 PM Subject: data level entitlements All, Does anybody know where I can get some info on "data level entitlements" Cheers ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- web form filling bots Anwar Khan (Jun 28)
- Re: web form filling bots TAS (Jun 28)
- Re: web form filling bots Rob (Jun 28)
- RE: web form filling bots Sandeep Cheema (Jun 28)
- data level entitlements Thugzclub (Jun 28)
- Re: data level entitlements Vic Vandal (Jun 28)
- Re: data level entitlements Jeffrey Walton (Jun 28)
- Message not available
- Re: web form filling bots Anwar Khan (Jun 29)
- Re: web form filling bots Tasos Laskos (Jun 29)
- RE: web form filling bots Sandeep Cheema (Jun 28)
- Re: web form filling bots Anwar Khan (Jun 28)
- Re: web form filling bots Rob (Jun 28)