SlideShare una empresa de Scribd logo

IS/DPP for staff #5a - Access

Descargar como PPTX, PDF
T
Tommy Vandepitte

An example of how the staff training on information security, data protection and privacy (IS/DPP) could look. This part is on authorization and access rights, focussing on the staff's part in that. The slides come with notes that in short explain the visuals on the slides.

Educación
1 de 10
- Internal - IS/DPP Baseline Training E-learning – Part 5 – Access
2 - Internal - Page There are “3rd Parties” and “3rd Parties” Environment Physical Human Device Application Repository Carrier Changes • In the regulatory environment • In processes • In people (JLT) • In technology Network Data 3rd Parties But important roles as well for: - HR - Line Management / Sponsor - All of Us
3 - Internal - Page “No contract, no data” Prerequisite: Contract
4 - Internal - Page The Rule
5 - Internal - Page Request  Only ask those access rights you require.  If you no longer need access rights, inform IT or HR they can close them.
6 - Internal - Page Authorization  Authorization is function / role based (“need-to- know”).  Authorizations are not always equal to access rights.
7 - Internal - Page Access Rights  Access rights determine what you can see, not what you should look at in the context of your work (need- to-know). Your authorization and need-to-know always prevails on what you technically can.  Don’t use your access rights for private purposes, not even to look at your own data.
8 - Internal - Page Access Rights Are Precious  Perform all your activities with your personal user ID.  Your personal user ID is being used only by you and no one else.  Do not share your access rights. 11 april 2017
9 - Internal - Page Behind the Curtains  When you join ABC Group or a new unit your authorizations and access rights may be requested by HR and/or your line management.  ABC Group is also working on a periodic review of access rights in a cooperation between you, your line management, HR, and the Information Asset Owners.
10 - Internal - Page Key Takeaways  You should only have access rights and use them as your job requires (need-to-know).  You should pro-actively (help) manage your access rights.  Your access rights are personal and should not be shared. 30 sec IS/DPP survival kit WrapUp

Recomendados

Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Legal aspects of using employee monitoring software
Legal aspects of using employee monitoring softwareLegal aspects of using employee monitoring software
Legal aspects of using employee monitoring softwareWorktime
 
Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Peter GEELEN ✔
 
Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Peter GEELEN ✔
 
Requirements management
Requirements managementRequirements management
Requirements managementPinaki Ghosh
 
Optimising SAP HR Authorisation by using custom development incl. BAdIs
Optimising SAP HR Authorisation by using custom development incl. BAdIsOptimising SAP HR Authorisation by using custom development incl. BAdIs
Optimising SAP HR Authorisation by using custom development incl. BAdIsSven Ringling
 
Secure Software Design for Data Privacy
Secure Software Design for Data PrivacySecure Software Design for Data Privacy
Secure Software Design for Data PrivacyNarudom Roongsiriwong, CISSP
 
The future of dlp is automation
The future of dlp is automationThe future of dlp is automation
The future of dlp is automationMartín Ríos
 

Recomendados

Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Legal aspects of using employee monitoring software
Legal aspects of using employee monitoring softwareLegal aspects of using employee monitoring software
Legal aspects of using employee monitoring softwareWorktime
 
Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Data compliance - get it right the first time (Full color PDF)
Data compliance - get it right the first time (Full color PDF)Peter GEELEN ✔
 
Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Data compliance - get it right the first time (Black/White printable PDF)
Data compliance - get it right the first time (Black/White printable PDF)Peter GEELEN ✔
 
Requirements management
Requirements managementRequirements management
Requirements managementPinaki Ghosh
 
Optimising SAP HR Authorisation by using custom development incl. BAdIs
Optimising SAP HR Authorisation by using custom development incl. BAdIsOptimising SAP HR Authorisation by using custom development incl. BAdIs
Optimising SAP HR Authorisation by using custom development incl. BAdIsSven Ringling
 
Secure Software Design for Data Privacy
Secure Software Design for Data PrivacySecure Software Design for Data Privacy
Secure Software Design for Data PrivacyNarudom Roongsiriwong, CISSP
 
The future of dlp is automation
The future of dlp is automationThe future of dlp is automation
The future of dlp is automationMartín Ríos
 
SPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D WorldSPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D WorldJared Matfess
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016Andi Robinson
 
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 BC:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 Basireesha
 
Practical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsPractical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
Out
OutOut
Outnadeemzafar
 
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and GovernanceGRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and GovernanceAndrew Clark
 
Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)Asif Iqbal
 
Footprintig (Haching)
Footprintig (Haching)Footprintig (Haching)
Footprintig (Haching)Asif Iqbal
 
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptxCHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptxRogerPrimo2
 
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsGACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
GDPR & IBM i Security
GDPR & IBM i SecurityGDPR & IBM i Security
GDPR & IBM i SecurityPrecisely
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Employee monitoring without spying
Employee monitoring without spyingEmployee monitoring without spying
Employee monitoring without spyingWorktime
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
 
GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP Sarmad Reda
 
Privacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application developmentPrivacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application developmentAchilleas Papageorgiou
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 
13824518.ppt
13824518.ppt13824518.ppt
13824518.pptzeinorrahman
 
DPIA template
DPIA templateDPIA template
DPIA templateTommy Vandepitte
 
Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtTommy Vandepitte
 

Más contenido relacionado

Similar a IS/DPP for staff #5a - Access

SPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D WorldSPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D WorldJared Matfess
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016Andi Robinson
 
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 BC:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 Basireesha
 
Practical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsPractical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and GovernanceGRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and GovernanceAndrew Clark
 
Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)Asif Iqbal
 
Footprintig (Haching)
Footprintig (Haching)Footprintig (Haching)
Footprintig (Haching)Asif Iqbal
 
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptxCHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptxRogerPrimo2
 
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsGACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsRobert E Jones
 
GDPR & IBM i Security
GDPR & IBM i SecurityGDPR & IBM i Security
GDPR & IBM i SecurityPrecisely
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Employee monitoring without spying
Employee monitoring without spyingEmployee monitoring without spying
Employee monitoring without spyingWorktime
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordCor Ranzijn
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Aggregage
 
GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP Sarmad Reda
 
Privacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application developmentPrivacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application developmentAchilleas Papageorgiou
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 

Similar a IS/DPP for staff #5a - Access (20)

SPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D WorldSPSRI - Sharing the Point in an A/D World
SPSRI - Sharing the Point in an A/D World
 
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 20168MAN-Public_Sector_Data_and_Information_Security_Survey 2016
8MAN-Public_Sector_Data_and_Information_Security_Survey 2016
 
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 BC:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
C:\Documents And Settings\User\Desktop\Wipo Smes Sha 04 10 B
 
Practical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business ContractorsPractical Cybersecurity Compliance for Small Business Contractors
Practical Cybersecurity Compliance for Small Business Contractors
 
Out
OutOut
Out
 
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and GovernanceGRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
GRC 2020 - IIA - ISACA Machine Learning Monitoring, Compliance and Governance
 
Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)
 
Footprintig (Haching)
Footprintig (Haching)Footprintig (Haching)
Footprintig (Haching)
 
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptxCHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
CHAPTER 1 - PROFESSIONAL ISSUES (Lecture 1.3).pptx
 
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business ContractorsGACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
GACO Webinar: Practical Cybersecurity Compliance for Small Business Contractors
 
GDPR & IBM i Security
GDPR & IBM i SecurityGDPR & IBM i Security
GDPR & IBM i Security
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Employee monitoring without spying
Employee monitoring without spyingEmployee monitoring without spying
Employee monitoring without spying
 
Protecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of RecordProtecting Data Privacy Beyond the Trusted System of Record
Protecting Data Privacy Beyond the Trusted System of Record
 
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
Back to the Office: Privacy and Security Solutions to Compliance Issues for 2...
 
GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP GDPR - Employee Deletion in SAP
GDPR - Employee Deletion in SAP
 
Privacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application developmentPrivacy: a fundamental feature in web application development
Privacy: a fundamental feature in web application development
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 
13824518.ppt
13824518.ppt13824518.ppt
13824518.ppt
 

Más de Tommy Vandepitte

Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtTommy Vandepitte
 
20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)Tommy Vandepitte
 
GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)Tommy Vandepitte
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreementsTommy Vandepitte
 
Gegevensbescherming makelaars
Gegevensbescherming makelaarsGegevensbescherming makelaars
Gegevensbescherming makelaarsTommy Vandepitte
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protectionTommy Vandepitte
 
Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Tommy Vandepitte
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)Tommy Vandepitte
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)Tommy Vandepitte
 
IS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringIS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringTommy Vandepitte
 
IS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsIS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsTommy Vandepitte
 
IS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useIS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useTommy Vandepitte
 
IS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsIS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsTommy Vandepitte
 
IS/DPP for staff #3b - Data Classification
IS/DPP for staff #3b - Data ClassificationIS/DPP for staff #3b - Data Classification
IS/DPP for staff #3b - Data ClassificationTommy Vandepitte
 
IS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataIS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataTommy Vandepitte
 
IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?Tommy Vandepitte
 
IS/DPP for staff #1 - intro
IS/DPP for staff #1 - introIS/DPP for staff #1 - intro
IS/DPP for staff #1 - introTommy Vandepitte
 

Más de Tommy Vandepitte (20)

DPIA template
DPIA templateDPIA template
DPIA template
 
Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdracht
 
20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)
 
GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreements
 
Gegevensbescherming makelaars
Gegevensbescherming makelaarsGegevensbescherming makelaars
Gegevensbescherming makelaars
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protection
 
Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)
 
IS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringIS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - Monitoring
 
IS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsIS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - Incidents
 
IS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useIS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable use
 
IS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsIS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - Passwords
 
IS/DPP for staff #3b - Data Classification
IS/DPP for staff #3b - Data ClassificationIS/DPP for staff #3b - Data Classification
IS/DPP for staff #3b - Data Classification
 
IS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataIS/DPP for staff #3a - Data
IS/DPP for staff #3a - Data
 
IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?
 
IS/DPP for staff #1 - intro
IS/DPP for staff #1 - introIS/DPP for staff #1 - intro
IS/DPP for staff #1 - intro
 
Training Procurement
Training ProcurementTraining Procurement
Training Procurement
 

Último

Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...DhatriParmar
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptxmary850239
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxAneriPatwari
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...Nguyen Thanh Tu Collection
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxAneriPatwari
 
ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6Vanessa Camilleri
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 

Último (20)

Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx4.9.24 School Desegregation in Boston.pptx
4.9.24 School Desegregation in Boston.pptx
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
CHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptxCHEST Proprioceptive neuromuscular facilitation.pptx
CHEST Proprioceptive neuromuscular facilitation.pptx
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptx
 
ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6ICS 2208 Lecture Slide Notes for Topic 6
ICS 2208 Lecture Slide Notes for Topic 6
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMS4 level being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 

IS/DPP for staff #5a - Access

  • 1. - Internal - IS/DPP Baseline Training E-learning – Part 5 – Access
  • 2. 2 - Internal - Page There are “3rd Parties” and “3rd Parties” Environment Physical Human Device Application Repository Carrier Changes • In the regulatory environment • In processes • In people (JLT) • In technology Network Data 3rd Parties But important roles as well for: - HR - Line Management / Sponsor - All of Us
  • 3. 3 - Internal - Page “No contract, no data” Prerequisite: Contract
  • 4. 4 - Internal - Page The Rule
  • 5. 5 - Internal - Page Request  Only ask those access rights you require.  If you no longer need access rights, inform IT or HR they can close them.
  • 6. 6 - Internal - Page Authorization  Authorization is function / role based (“need-to- know”).  Authorizations are not always equal to access rights.
  • 7. 7 - Internal - Page Access Rights  Access rights determine what you can see, not what you should look at in the context of your work (need- to-know). Your authorization and need-to-know always prevails on what you technically can.  Don’t use your access rights for private purposes, not even to look at your own data.
  • 8. 8 - Internal - Page Access Rights Are Precious  Perform all your activities with your personal user ID.  Your personal user ID is being used only by you and no one else.  Do not share your access rights. 11 april 2017
  • 9. 9 - Internal - Page Behind the Curtains  When you join ABC Group or a new unit your authorizations and access rights may be requested by HR and/or your line management.  ABC Group is also working on a periodic review of access rights in a cooperation between you, your line management, HR, and the Information Asset Owners.
  • 10. 10 - Internal - Page Key Takeaways  You should only have access rights and use them as your job requires (need-to-know).  You should pro-actively (help) manage your access rights.  Your access rights are personal and should not be shared. 30 sec IS/DPP survival kit WrapUp

Notas del editor

  1. Welcome to the fifth part of the baseline training IS/DPP. Herein we look at access to the data.
  2. Access relates to all layers and is strongly related to the confidentiality of the data and the “circles of trust”. Everybody in the “circle of trust” has access. Everybody outside the “circle of trust” is a “third party”. It must be clear that this is distinct from the third parties we defined as external staff. So for restricted data, if you do not need that data for the performance of your job, you are considered a “third party”.
  3. Note that here as well we apply “no contract, no data”. As an internal staff member, you have your employment agreement with the ABC Group. As an external staff member, you or the company you work for have an agreement with the ABC Group.
  4. In principle per information asset it is (or should be) determined who is authorized to have access, and that is (or should be) based on the need-to-know.
  5. That is why you have a specific responsibility to help set up and close down access rights that fit your needs AND to restrain yourself from snooping around in information that you do not need in the context of your job.
  6. The authorization is in principle given by your line management (or if you are an external staff member your sponsor) and the information asset owner based on your function or role.
  7. Based on the authorization decision access rights are granted. Sometimes however it is technically so hard to set up such detailed access management or it is just not user friendly to ask for expansion (and collapse) of access rights all the time, that the organisation chooses to set up access rights on a higher level, rather than on the level of a specific information asset. For example you may get access rights to a part of the building, an application, or a server drive, rather than only to the data that relates to the project you need access to in the context of your job.
  8. In terms of access rights you can and must be selfish. You must perform your activities with your personal user ID. You should be the only one using your personal user ID. You must not share your access rights. This is important because all actions on your personal user ID will be attributed to you.
  9. Behind the curtains ABC is working on failsafe procedures to support and challenge your access rights.
  10. That is it for this section. Here are a few key takeaways.