The Increasing Problems Of Controlling Access
Presentation to RMAA Seminar
13 May 2008
Kylie Dunn
Knowledge & Records Manager
Department of State and Regional Development
Outline
Policy
System access controls
Communication
Technology’s role
Access Models
Staff development
…but I digress…
AS ISO 15489 Requirements
…both within an organization and to external users.
…assigning access status to both records and individuals.
…categorized according to their access status…
…specify access permissions to records relating to their
area of responsibility.
The ANAO
Audit Report No. 7 1999-2000 – Operation of Classification
System for Protecting Sensitive Information
Many staff did not have a detailed understanding…
All organisations incorrectly classified files with over-classification being the
most common occurrence.
2.27 To achieve an effective control environment over information
security it is expected…
Managing risk
Risk averse
Technology averse
Policies and training
Pre-digital age
The good old days?
Applying electronic access
Shared drives
Time consuming
Low fidelity
Not simple
EDM Systems
Greater Auditing
Easier privileges
Taking a record out?
Databases
ANAO Audit Report No.45 2001–02
Assurance and Control Assessment Audit -
Recordkeeping
…business records that were managed through systems that were not recognised and developed as recordkeeping systems
Databases
Depends on developer
Anything is possible
Relies on time & $$
Websites
Page lockdowns
Content Management System
Some audit logs
Strong reliance on user
Communicating/transferring
Access
Storage
Secure
Using the “Cloud”
How safe is it?
“The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami - an entry point that led the hackers to eventually break into TJX's central databases.”
theage.com.au (31/12/07)
Safer than our own staff?
Loss of control
Applying security
Staff need to get it right
Over-classification
Increased management
Increased costs
Limits legitimate access
Under-classification
Permits non-legitimate access
Reliance on others
Not all about systems
…but technology helps
Access Models
Anatomy of an Access Model
System
Security Requirements
Policy statements
Definition of groupings
Exceptions
Defined permissions
Permission allocations – data/individuals
Hard to maintain accurately
Staff awareness
Storing
Transmitting
Cost of getting it wrong
Need-to-Know Need-to-Share
Needs to be easy
Role of Records Staff?
Advisory
Policy into Procedure
Training staff
Access Models
No quick fix
Managing risks
Technology helps
Access model is a must
Staff need to understand