In the Identity Management presentation by Roger Grimes at Tech 2005, he’s talking about:
- Identification – who I am
- Authentication – prove it
- Authorization – can I access that object?
- Accountability – who did what?
So many times in SBSland we don’t take the time to worry about the last two. We don’t set specific permissions to files, parts, etc. Yesterday I was asked by a CPA about the best way to allow a client to have access to their own financial reporting and nothing else, and it’s a matter of permissions, isn’t it?
Do we take the time to set permissions appropriately on shared files? Heck no, we open up the whole thing.
And accountability? Do we make sure that everyone logs in individually so that you can track who does what?