Security Basics mailing list archives

Re: data level entitlements


From: Vic Vandal <vvandal () well com>
Date: Thu, 28 Jun 2012 15:08:40 -0700 (PDT)

Your question is a bit vague.  My interpretation of that term would be that you want to know about recording and 
tracking access approvals at the data level.  For example, an auditor asks to show evidence that access to a certain 
set of sensitive data was duly authorized, and that the data access is restricted to only those who have the documented 
authorization.  Who is entitled to access the data, who granted them that entitlement, when was it granted, is the 
access still valid, etc.

If that's what you mean, are you asking about references/links to commercial or open source apps to provide that sort 
of authorization tracking and reporting?
Most standard helpdesk ticketing systems can provide that view.  Someone requests access to some specific sensitive 
data, someone approves the access, and someone grants the access.  All of that information should be in the ticketing 
system, and then be available for reporting purposes as needed.  

If you need recurring (monthly/quarterly/annually) authorizations, there are some applications that can provide that 
sort of tracking and approval management.  I can't recommend any specific ones because I haven't used them personally.  
We use a home-grown system for that purpose where I work.

-Vic

----- Original Message -----
From: "Thugzclub" <thugzclub () googlemail com>
To: listbounce () securityfocus com, security-basics () securityfocus com, pen-test () securityfocus com
Sent: Thursday, June 28, 2012 3:07:12 PM
Subject: data level entitlements

All,

Does anybody know where I can get some info on "data level entitlements"?

Cheers
