Identify From Whom It Is Being Protected
Defining access is an exercise in understanding how each system and network component is accessed. Your network might have a system to support network-based authentication and another supporting intranet-like services, but are all the systems accessed like this? How is data accessed among systems? By understanding how information resources are accessed, you should be able to identify on whom your policies should concentrate. Some considerations for data access are:
Authorized and unauthorized access to resources and/or information
Unintended and/or unauthorized disclosure of information
Outline enforcement procedures
Bugs and user errors
Primarily, the focus will be on who can access resources and under ...
Get Writing Information Security Policies now with the O’Reilly learning platform.