4.4 Access Control Manager

Access Control Manager:
Our Access Control Manager has the primary role of managing user profiles and granting each person the applicable level of authority.
A formal method of reusable roles is used to identify functional access rights, and a policy method of data ownership is used to identify data access rights.
The combination of functions and data is implemented with conditional menus, so people only see facilities they have been granted the right to use: if you cannot see a menu option, you have not been granted the right to use it. Hiding the option only reflects the decision; the function itself must still refuse a request from anyone without that right, otherwise the menu is cosmetic rather than a control.
If you, your department or your branch created some data, you have the exclusive right to change and use it, but you do not have the right to view or use data created by other branches.

Function Access:
Functions are delivered for a purpose, and where a user does not have the right to use a specific function they will not see that function in any menu.
Reference data is generally managed as a head office function, with read-only rights granted to all branches.

Privacy:
Privacy is about personal access control: people are granted permission to access certain data and to use certain facilities.
People in one branch can enter and process certain data using facilities they have been granted access to, while people in another branch using the same facilities are not granted access to the first branch's data.
Data privacy may be restricted by function, by team, by department, by branch or by company; each data cluster has its own data privacy rules.
Facility privacy may be restricted by function, by team, by department or by branch, or a facility may be available to everybody in the company.
No data and no facility is shared between different companies, although different companies may access similar reference data using similar facilities.

Head Office:
Our Access Control Manager grants selected people in head office the right to view data owned by all branches, all departments and all users.
Head office management information collates and aggregates data from all branches to deliver complete and correct totals for accounting and tax purposes.
It would be unusual for a head office person to change data that belongs to a branch, so this is made a two-step process to avoid accidentally changing data owned by another branch.

New Person Procedure:
An authorized person may be granted the right to add a new user and to grant that user no more rights than the authorizing person holds themselves.
A security rule is that nobody has access to another person's password, but some people are granted the right to reset a person's password.
When a new person is added to the service, it is critical that no single email (which could be intercepted) is sent containing all the sign-in details.
1. The new person is sent an email (or telephoned, or spoken to) to inform them that they will receive an automated email from the computer system and that it is important to follow its instructions.
2. The add-new-person procedure is used to authorize the security details of the new person. The new person's password is left blank and the "Send" button is pressed to cause an automated email to be sent to the new person's registered email address.
3. The new person receives an automated email naming the authorizing person (so they can validate its origin) and giving full details of how to access the computer service for the first time. The person is instructed to press the "forgotten password" icon, which causes a new password to be generated and sent to them in a separate email. The forgotten password email carries no other sign-in details, so if it is intercepted on its own it has little meaning.
4. The new person signs in with the generated password and may change it to any other value that satisfies the password format rules.
This is a reasonably secure procedure for getting a new person working without disclosing the user's password to any other person, provided the generated password expires quickly and can be used only once, so that an intercepted copy is worthless after the legitimate first sign-in.
The procedure also ensures that fundamental tuition and troubleshooting information is delivered by email.
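The four steps above, written out as an added example in Python. This is not the page's own code; the in-memory directory, the 24-hour single-use lifetime of the generated password, the PBKDF2 parameters and the sign-in address are assumptions, not details from the original. It shows the two properties the procedure relies on: no single message carries both the sign-in details and a secret, and the stored account holds only a salted hash, so the authorizing person never learns the password. It also enforces the rule that an authorizing person cannot grant more rights than they hold.

```python
"""Split-channel onboarding for a new person, following the four steps above.

Added example; not the page's own code. The in-memory directory, the 24-hour
single-use lifetime of the generated password, the PBKDF2 parameters and the
sign-in URL are assumptions, not details from the original.
"""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

SERVICE_URL = "https://example.invalid/signin"   # hypothetical sign-in address
RESET_TTL_SECONDS = 24 * 3600                    # assumed lifetime of a generated password


def hash_password(password: str, salt: bytes) -> bytes:
    # Only a salted PBKDF2 hash is stored, so nobody (admins included) can read a password back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    email: str
    rights: frozenset
    authorised_by: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    password_hash: Optional[bytes] = None    # blank until the person sets one (step 2)
    reset_hash: Optional[bytes] = None       # hash of the one-time generated password (step 3)
    reset_expires: float = 0.0
    must_change: bool = False


class Directory:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.outbox: List[Tuple[str, str]] = []   # (recipient, body); stands in for the mail system

    def add_person(self, authoriser: Account, username: str, email: str, rights: Set[str]) -> Account:
        """Step 2: create the account with no password; rights are capped at the authoriser's own."""
        if not rights <= authoriser.rights:
            raise PermissionError("cannot grant rights the authorising person does not hold")
        acct = Account(username, email, frozenset(rights), authoriser.username)
        self.accounts[username] = acct
        # The welcome email names the authoriser and says where and how to sign in, but holds no secret.
        body = (f"{authoriser.username} has authorised your access to {SERVICE_URL}.\n"
                f"Your username is {username}. Press 'forgotten password' to obtain a password.")
        self.outbox.append((email, body))
        return acct

    def forgotten_password(self, username: str) -> None:
        """Step 3: generate a random one-time password and mail only that, nothing else."""
        acct = self.accounts[username]
        temp = secrets.token_urlsafe(12)
        acct.reset_hash = hash_password(temp, acct.salt)
        acct.reset_expires = time.time() + RESET_TTL_SECONDS
        acct.must_change = True
        self.outbox.append((acct.email, f"Your temporary password is: {temp}"))

    def sign_in(self, username: str, password: str, now: Optional[float] = None) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            return False
        now = time.time() if now is None else now
        candidate = hash_password(password, acct.salt)
        if (acct.reset_hash is not None and now < acct.reset_expires
                and hmac.compare_digest(candidate, acct.reset_hash)):
            acct.reset_hash = None              # the generated password works exactly once
            return True
        if acct.password_hash is not None and hmac.compare_digest(candidate, acct.password_hash):
            return True
        return False

    def set_password(self, username: str, new_password: str) -> None:
        """Step 4: the person chooses their own password; any outstanding generated one is retired."""
        acct = self.accounts[username]
        acct.password_hash = hash_password(new_password, acct.salt)
        acct.reset_hash = None
        acct.must_change = False


def no_single_email_has_everything(directory: Directory) -> bool:
    """The procedure's core property: no one message carries both the sign-in details and a password."""
    return not any(SERVICE_URL in body and "temporary password" in body for _, body in directory.outbox)
```

The expiry and single-use checks in sign_in are what make the split of channels worth having: if the generated password lived indefinitely, an attacker who intercepted the second email could still use it after the real person had signed in and chosen their own password.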

Access Management:
Access Management is concerned with the interaction of two integrated security control mechanisms:
1. Data Access ensures users have access only to the data they are authorized to process or view.
2. Function Access ensures users have access only to the functions they are authorized to use.

Data Access:
Data and functional access rights are managed using a matrix of who can do what.
Users generally have access to data that belongs to their own branch or department and not to data that belongs to other branches or departments.
The organisation hierarchy exists to implement data access control: users can see data that they create and data created by people below them in the hierarchy, but would not normally have access to data created by other branches, by other departments or by users higher up the hierarchy.
Departments are optional in the organisation hierarchy; when a department exists, its purpose is to ensure that users in one department do not have access to data in another department. Where department-level data access control is not needed by a business, departments need not be defined for that business.
Branches are mandatory in the organisation hierarchy, and users of one branch would not normally have access to data created by another branch.
A head office function is provided above all branches, and management information created for head office users may accumulate and aggregate data from all branches and all departments.
A branch or department may grant read-only data access to other branches or departments. For example, head office may manage some critical reference data that is reused in read-only mode by all branches.
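The hierarchy rules above, as an added Python example (not the page's own code). It assumes a unit is a tuple path such as ("Leeds",) for a branch or ("Leeds", "Sales") for a department, that head office is the unit ("HeadOffice",), and it models the head-office two-step change as a confirmation flag and the cross-branch read-only grants as a table; all of these are illustrative choices. The prefix test is the whole of the "see your own data and the data below you" rule, and the grant lookup shows that a read-only grant never turns into write access.

```python
"""Data-access decisions derived from the organisation hierarchy described above
(head office, mandatory branches, optional departments, users).

Added example; not the page's own code. Assumed: a unit is a tuple path such as
("Leeds",) for a branch or ("Leeds", "Sales") for a department; head office is the
unit ("HeadOffice",); the read-only grant table and the confirmation flag that
models the head-office two-step change are illustrative.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Unit = Tuple[str, ...]
HEAD_OFFICE: Unit = ("HeadOffice",)


@dataclass(frozen=True)
class User:
    name: str
    unit: Unit          # branch, or branch + department, that the user belongs to


@dataclass(frozen=True)
class Record:
    record_id: str
    owner: User         # the creator; ownership follows the creator's unit


def at_or_below(viewer: Unit, owner: Unit) -> bool:
    """True when the owning unit is the viewer's own unit or sits beneath it.

    The viewer's path must be a prefix of the owner's path: ("Leeds",) sees
    ("Leeds", "Sales") data, but ("Leeds", "Sales") does not see ("Leeds",) data,
    and ("York", "Sales") sees neither.
    """
    return owner[: len(viewer)] == viewer


@dataclass
class DataAccessPolicy:
    # owning unit -> units given read-only access to that unit's data
    read_only_grants: Dict[Unit, Set[Unit]] = field(default_factory=dict)

    def can_read(self, user: User, rec: Record) -> bool:
        if user.unit == HEAD_OFFICE:
            return True                                 # selected head-office people see every branch
        if at_or_below(user.unit, rec.owner.unit):
            return True                                 # own data and data from below
        # A grant made by the owning branch covers its departments' data too, and a grant
        # to a branch covers every department within that branch.
        for depth in range(1, len(rec.owner.unit) + 1):
            for grantee in self.read_only_grants.get(rec.owner.unit[:depth], set()):
                if at_or_below(grantee, user.unit):
                    return True
        return False

    def can_write(self, user: User, rec: Record, confirmed: bool = False) -> bool:
        if user.unit == HEAD_OFFICE:
            return confirmed                            # two-step confirmation for branch data
        # Read-only grants never confer write; changes stay within the owning chain.
        return at_or_below(user.unit, rec.owner.unit)
```

A branch without departments simply has one-element unit paths, so the same prefix test gives branch-level isolation with no special case, which is the "departments are optional" point above.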

Document Control:
1. Document Title: Access Control Manager.
2. Reference: 164400.
3. Keywords: ITIL Access Control Manager.
4. Description: Access Control Manager.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 13 Aug 2019.
7. Edition: 2.3.



Three Tier Access Control
1. To provide a three-tier access control system based on:
  (1) Approved Person, with an assigned role.
  (2) App Function, as one or more functions assigned to each approved person.
  (3) Data Class, as one or more classifications assigned to each application function.
2. To expect approved people to be part of a department such as:
  (1) Executive, as owner, executive, shareholder or senior manager.
  (2) Finance, as part of the financial accounting team.
  (3) Personnel, as part of the HR team.
  (4) Sales, as part of the sales or fund-raising team.
  (5) Marketing, as part of the public communications team.
  (6) Operations, as part of the research, development, operations and manufacturing team.
  (7) Information, as part of the IT team.
3. To provide all kinds of application functions such as (those marked "(all)" are available to every approved person):
  (1) O365, as Office Word, Excel and PowerPoint in document libraries (all).
  (2) Email, as Office Outlook with its own unique data class (all).
  (3) Browser, as MS Edge, Google Chrome, Apple Safari or Firefox (all).
  (4) Accounts, as SAGE, Xero or CRM.
  (5) Sales, as Blackbaud or CRM.
  (6) Public Web Site, as communications with the public (all).
4. To use document access control to protect document classes such as (again "(all)" marks classes open to every approved person):
  (1) Executive documents.
  (2) Financial documents.
  (3) Personnel documents, encryption protected.
  (4) Sales documents, including fund raising.
  (5) Marketing documents that may be communicated to the public (all).
  (6) Operational documents for research and development.
  (7) IT documents (all).

How does it work
1. To assign each person a "role", specified by their manager, which the person cannot change themselves.
2. To use the role to imply which department the person is assigned to.
3. To use the role to define which functions can be made available to the person, like a high-level menu.   To understand that certain "common" functions like email are available to all approved persons regardless of their role.
4. To use the role to define which document classes can be made available to the person, like a function-level menu.   To understand that certain "common" document classes like IT support are available to all approved persons regardless of their role.
5. To classify any document that contains Personally Identifiable Information (PII) as "personnel", where it is encrypted and replicated, the kind of technical measure GDPR Article 32 calls for.   To accept that while the finance team may deal with payroll, the majority of payroll data must be classified as "personnel" and protected to the very highest standards.

Access Control Records
1. To record, in support of the accountability obligation, not only each and every time a "personnel" record is changed but each and every time it is accessed, even for read-only purposes.
2. To grant each person the right to access and process their own "personnel" information.
3. To reason that if "personnel" data is encrypted and replicated to satisfy UK data protection law, then it is logical to protect all business documents in the same way.
4. To imagine the business risk of not professionally protecting financial, sales and executive information and suffering a data breach, and then to make a policy decision to simply encrypt all business data.
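The role, function and document-class chain from "How does it work" together with the audit rule from "Access Control Records", as one added Python example. This is not the page's own code: the department and function names are the page's, but the role-to-function and role-to-class tables, the PII field names and the National Insurance number pattern used to recognise PII are illustrative assumptions. The decision is deny-by-default across all three tiers, a document carrying PII is treated as "personnel" whatever the finance team declared it, a person can reach their own personnel record, and every attempt on a personnel document is written to the audit list whether it was allowed or refused.

```python
"""Three-tier access control (approved person -> role -> app functions -> document classes)
with an audit entry for every attempt to touch a "personnel" document, reads included.

Added example; not the page's own code. The department and function names are the
page's; the role-to-function and role-to-class tables, the PII field names and the
National Insurance number pattern used to recognise PII are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Tier 2: functions each role may see (its high-level menu); common functions go to everyone.
COMMON_FUNCTIONS: Set[str] = {"Email", "Browser", "O365"}
ROLE_FUNCTIONS: Dict[str, Set[str]] = {
    "Executive": {"Accounts", "Sales"},
    "Finance": {"Accounts"},
    "Personnel": set(),
    "Sales": {"Sales"},
    "Marketing": {"PublicWebSite"},
    "Operations": set(),
    "Information": set(),
}

# Tier 3: document classes each role may see (its function-level menu); common classes go to everyone.
COMMON_CLASSES: Set[str] = {"IT", "Marketing"}
ROLE_CLASSES: Dict[str, Set[str]] = {
    "Executive": {"Executive", "Financial", "Sales", "Operational"},
    "Finance": {"Financial"},
    "Personnel": {"Personnel"},
    "Sales": {"Sales"},
    "Marketing": set(),
    "Operations": {"Operational"},
    "Information": set(),
}

# Which classes are reachable through which function at all.
FUNCTION_CLASSES: Dict[str, Set[str]] = {
    "O365": {"Executive", "Financial", "Personnel", "Sales", "Marketing", "Operational", "IT"},
    "Email": {"Email"},
    "Browser": set(),
    "Accounts": {"Financial"},
    "Sales": {"Sales"},
    "PublicWebSite": {"Marketing"},
}

# Assumed PII markers: field names, plus values shaped like a UK National Insurance number.
PII_FIELDS = {"national_insurance", "date_of_birth", "home_address", "bank_account"}
NI_NUMBER = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")


@dataclass(frozen=True)
class Person:
    name: str
    role: str                      # set by the person's manager; not changeable by the person


@dataclass
class Document:
    doc_id: str
    declared_class: str            # what the creating team labelled it
    fields: Dict[str, str]
    subject: Optional[str] = None  # the person whose personnel record this is, if any


def effective_class(doc: Document) -> str:
    """Any document carrying PII is 'Personnel', whatever class the creating team declared."""
    if PII_FIELDS & set(doc.fields) or any(NI_NUMBER.search(v) for v in doc.fields.values()):
        return "Personnel"
    return doc.declared_class


@dataclass
class AccessControl:
    audit: List[Dict[str, str]] = field(default_factory=list)

    def visible_functions(self, person: Person) -> Set[str]:
        return COMMON_FUNCTIONS | ROLE_FUNCTIONS.get(person.role, set())

    def visible_classes(self, person: Person) -> Set[str]:
        return COMMON_CLASSES | ROLE_CLASSES.get(person.role, set())

    def decide(self, person: Person, function: str, doc: Document, action: str = "read") -> bool:
        cls = effective_class(doc)
        own_record = cls == "Personnel" and doc.subject == person.name
        allowed = (function in self.visible_functions(person)
                   and cls in FUNCTION_CLASSES.get(function, set())
                   and (cls in self.visible_classes(person) or own_record))
        if cls == "Personnel":
            # Every access attempt on personnel data is recorded, denied reads included.
            self.audit.append({"who": person.name, "doc": doc.doc_id, "function": function,
                               "action": action, "decision": "allow" if allowed else "deny"})
        return allowed
```

Because the classification is computed from content rather than trusted from the label, a payroll row that finance filed as "Financial" is not reachable through the Accounts function at all once it carries a National Insurance number; that is the practical effect of the payroll remark in item 5.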

Privacy By Design
1. To embrace the legal obligation to build in "privacy by design" and "security by design" as set out in the General Data Protection Regulation (Article 25, data protection by design and by default).
2. To accept that twenty-year-old methods of working must be improved to mitigate the threat from cyber criminals; this is mandated.
3. To stop using tools and procedures that attackers understand and can use to silently copy business data and personal data; ransomware is very profitable.
4. To understand that privacy and security can be simply deployed as:
  (1) Encrypt all data, so that when data is stolen it is meaningless and worthless to the criminal (confidentiality).
  (2) Replicate all encrypted data, so that when any copy is stolen or destroyed it can quickly be reinstated from other distributed copies (availability).
5. To embrace the security method of "pseudonymisation" as defined in the General Data Protection Regulation (Article 4(5)): each name is replaced with a token, and the link between token and name is stored in a separate, distributed table.   From a criminal's point of view pseudonymisation is almost the same as anonymisation when token management includes encryption and obfuscation, but the legal difference remains: pseudonymised data is still personal data under GDPR (Recital 26), because the link table allows re-identification.
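Pseudonymisation as item 5 describes it, as an added Python example (not the page's own code). It assumes tokens are random 128-bit hex strings, so nothing about a name can be recovered from its token; the LinkTable class stands in for the page's distributed, encrypted table; and the payroll rows are constructed for the example. The leak check and the round trip show the two halves of the technique: the working data alone names nobody, and only the holder of the link table can put the names back.

```python
"""Pseudonymisation as item 5 describes it: every name is swapped for a token, and the
name-to-token links live in a separate table without which the data identifies nobody.

Added example; not the page's own code. Assumed: tokens are random 128-bit hex strings
(so nothing about the name can be recovered from the token itself), LinkTable stands in
for the page's distributed, encrypted table, and the payroll rows are constructed.
"""
import secrets
from typing import Dict, Iterable, List


class LinkTable:
    """The token <-> name links. Kept apart from the working data (and, in the page's
    design, encrypted); whoever holds only the pseudonymised rows cannot re-identify anyone."""

    def __init__(self) -> None:
        self._token_by_name: Dict[str, str] = {}
        self._name_by_token: Dict[str, str] = {}

    def token_for(self, name: str) -> str:
        token = self._token_by_name.get(name)
        if token is None:
            token = secrets.token_hex(16)          # random, unrelated to the name
            self._token_by_name[name] = token
            self._name_by_token[token] = name
        return token

    def name_for(self, token: str) -> str:
        return self._name_by_token[token]


def pseudonymise(rows: Iterable[Dict[str, str]], name_fields: Iterable[str],
                 table: LinkTable) -> List[Dict[str, str]]:
    """Return copies of the rows with every name field replaced by its token."""
    name_fields = set(name_fields)
    out = []
    for row in rows:
        copy = dict(row)
        for f in name_fields & set(copy):
            copy[f] = table.token_for(copy[f])
        out.append(copy)
    return out


def reidentify(rows: Iterable[Dict[str, str]], name_fields: Iterable[str],
               table: LinkTable) -> List[Dict[str, str]]:
    """Reverse the substitution; possible only for whoever holds the link table."""
    name_fields = set(name_fields)
    out = []
    for row in rows:
        copy = dict(row)
        for f in name_fields & set(copy):
            copy[f] = table.name_for(copy[f])
        out.append(copy)
    return out


def mentions_any(rows: Iterable[Dict[str, str]], names: Iterable[str]) -> bool:
    """Leak check: True if any of the given names appears anywhere in the rows."""
    names = list(names)
    return any(name in value for row in rows for value in row.values() for name in names)


# Constructed sample: a payroll extract the finance team works with
PAYROLL = [
    {"employee": "Alice Example", "manager": "Bob Sample", "net_pay": "2100"},
    {"employee": "Bob Sample", "manager": "Cara Test", "net_pay": "2600"},
    {"employee": "Alice Example", "manager": "Bob Sample", "net_pay": "2150"},
]
```

The same name always maps to the same token, so the pseudonymised rows still join and aggregate correctly for payroll totals; a deterministic hash of the name would give the same property, but it could be reversed by hashing a list of candidate names, which is why the table holds random tokens instead.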

Document Control:
1. Document Title: Access Control Manager.
2. Reference: 164400.
3. Keywords: Access Control Manager.
4. Description: Access Control Manager.
5. Privacy: Public education service as a benefit to humanity.
6. Issued: 24 Oct 2017.
7. Edition: 1.4.