Month: January 2014

Role Based Security, Part 1 of 4

One of my favorite management concepts is Job Role security.

The core of job role security is the logical extension of Role Based Access Control that comes from aligning job function (more specifically, task-oriented work groups) to security rights. This alignment both accelerates IMAC (install, move, add, change) operations and reduces the complexity of compliance events, because the most common cause of permission changes (a change of job) is tied directly to the resulting effective permissions. It’s a methodology for concrete, tactical security based on a heuristic simplification of implied access, but it’s rarely implemented (probably because it is based on heuristics rather than on definitions or queried permissions, both of which are easier to CYA with).

This concludes the buzzword portion of our broadcast.

In simple(-er) English, it means that the access a user is granted by the company is connected to the job that the company has asked them to do.

  1. We have hired you to do job A.
  2. Job A requires access rights B.
  3. Therefore we will grant you the access rights B as long as you are doing job A.
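To show the three-step model and the IMAC/compliance benefits above as working code, here is an added example (mine, not the author's): job roles resolve to task-oriented work groups, work groups resolve to concrete rights, and every grant, move and audit is derived from the user's job rather than recorded by hand. All role names, group names and rights below are constructed for illustration.

```python
"""Job-role security model: a user holds rights only because of the job they do.

Added illustration; every role, task group and permission string is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

# Task-oriented work groups carry the concrete rights that task needs.
TASK_GROUPS: Dict[str, Set[str]] = {
    "ap-invoice-entry": {"erp:ap:read", "erp:ap:write"},
    "ap-payment-release": {"erp:ap:read", "bank:payments:release"},
    "hr-records-read": {"hris:employee:read"},
}

# Job roles are defined purely as the work groups that job performs.
JOB_ROLES: Dict[str, Set[str]] = {
    "AP Clerk": {"ap-invoice-entry"},
    "AP Supervisor": {"ap-invoice-entry", "ap-payment-release"},
    "HR Analyst": {"hr-records-read"},
}


@dataclass
class User:
    name: str
    job: str
    # Rights assigned outside any job role: exactly what an audit should question.
    direct_grants: Set[str] = field(default_factory=set)


def effective_rights(job: str) -> Set[str]:
    """Step 2 of the model: job A requires access rights B (union of its groups)."""
    rights: Set[str] = set()
    for group in JOB_ROLES[job]:
        rights |= TASK_GROUPS[group]
    return rights


def move_user(user: User, new_job: str) -> Tuple[Set[str], Set[str]]:
    """IMAC 'move': change the job and return (rights to grant, rights to revoke).

    Step 3 of the model: rights B are held only while doing job A, so leaving
    job A revokes whatever the new job does not also require.
    """
    before = effective_rights(user.job)
    after = effective_rights(new_job)
    user.job = new_job
    return after - before, before - after


def audit(users: Iterable[User]) -> Dict[str, Set[str]]:
    """Compliance check: rights a user holds that their current job does not explain."""
    findings: Dict[str, Set[str]] = {}
    for u in users:
        unexplained = u.direct_grants - effective_rights(u.job)
        if unexplained:
            findings[u.name] = unexplained
    return findings


if __name__ == "__main__":
    alice = User("alice", "AP Clerk")
    print("alice starts with:", sorted(effective_rights(alice.job)))
    grant, revoke = move_user(alice, "HR Analyst")
    print("move to HR Analyst grants:", sorted(grant), "revokes:", sorted(revoke))
    bob = User("bob", "AP Clerk", direct_grants={"bank:payments:release"})
    print("audit findings:", audit([alice, bob]))
```

Because `audit` compares what a user actually holds against what their job implies, a compliance review reduces to listing the differences; in a model without job roles the reviewer has to justify every grant individually.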
