Policy Example SunSpot Credit Union Computer Incident Response Team—Access & Authorization Policy 1.0 Policy Statement This policy applies to SunSpot Credit Union employees, temporary workers, contractors, and consultants who use or access SunSpot Credit Union information systems and computers. 2.0 Purpose/Objectives Definitions for this policy are as follows: SunSpot Credit Union: (SCU). Incident Response Team:… Read More »
SunSpot Health Care Provider Remote Access Policy for Remote Workers & Medical Clinics 1.0 Policy Statement It is SunSpot Health Care Provider (SHCP) policy to protect Information Resources based on risk against accidental or unauthorized disclosure, modification, or destruction, and assure the Confidentiality, Integrity, and Availability (CIA) of clinic and patient data. Apply appropriate physical and… Read More »
Bring Your Own Device (BYOD): Organizations allowing employees to use their own personal devices such as smart phone and tablets to conduct organization business. The SANS Reading Room article, SANS Survey on Mobility/BYOD Security Policies and Practices found that 61% of organizations allowed personal devices to connect to protected company systems, but only 9% of organizations were truly… Read More »
Roles in Database Security Separation of duties state that no user should be given enough privileges to misuse a system on their own. Roles establish separation of duties by breaking down user privilege to job duty requirements. A Role is a group of individual privileges that correlate to a users job responsibilities. Example, a role is created named… Read More »
Database Transactional Based Fraud, Transaction Security, and the “Halloween Problem.” Many database attacks are directed at external interfaces and intended to cause delays in accessing or using data which includes malicious transactions. The main concern with malicious transactions is danger to data integrity and availability. Currently, there is no practical mechanism that identifies attackers executing malicious transactions. Ayushi,… Read More »
Access Control List – ACL, DACL, SACL, ACE Solomon (2014) states that an Access Control List (ACL) is a list of access control rules that can be applied to a specific object. ACL’s that are used in in Windows are considered discretionary so they are also known as Discretionary Access Control Lists (DACL). DACL’s consists of one or… Read More »