Educause Security Discussion mailing list archives

Re: Data Classification - Data Request Process

From: Kees Leune <leune () ADELPHI EDU>
Date: Mon, 7 Apr 2014 15:35:06 -0400

I like to follow a role-based approach. Data owner defines roles with
associated access permissions, and supervising manager assigns persons to
roles allocated to their sphere of control. It is not perfect, but seems to
work reasonably well.

*Dr. Kees Leune*
Information Security Officer
Adelphi University
Garden City, NY
+1 (516) 877-3936


On Mon, Apr 7, 2014 at 3:26 PM, Amanda Williams <akwilliams () pittstate edu>wrote:

We are working on our data classification plan and was wondering what
process places used to grant users from "department A" access to data that
was owned/managed by "department B".

Thanks.

*Amanda Williams *
IT Security Officer
Pittsburg State University
620.235.4657

Current thread:

Data Classification - Data Request Process Amanda Williams (Apr 07)
- Re: Data Classification - Data Request Process Kees Leune (Apr 07)
- Re: Data Classification - Data Request Process Theresa Rowe (Apr 08)
- Re: Data Classification - Data Request Process Brian J Smith-Sweeney (Apr 08)
- Re: Data Classification - Data Request Process Cheryl O'Dell (Apr 08)