Comments on: Get your paws off me, you dirty ape. Of course I can talk, I’m a contractor. http://securityviews.com/blog/2008/03/21/get-your-paws-off-me-you-dirty-ape-of-course-i-can-talk-im-a-contractor/ Actionable security ideas for managers. Fri, 05 Dec 2008 16:33:17 +0000 http://wordpress.org/?v=2.0.2 by: Rob Lewis http://securityviews.com/blog/2008/03/21/get-your-paws-off-me-you-dirty-ape-of-course-i-can-talk-im-a-contractor/#comment-5450 Wed, 26 Mar 2008 14:12:53 +0000 http://securityviews.com/blog/2008/03/21/get-your-paws-off-me-you-dirty-ape-of-course-i-can-talk-im-a-contractor/#comment-5450 Your post illustrates another example of the need for proper information-centric security, where access and audit control at the data file level on a per user basis is required. One of the biggest barriers to protecting private data is the lack of an intuitive and practical security management framework that easily maps business roles and rules into security policies that can be enforced. That is probably why there is so little attention paid to common sense principles such as least privilege and separation of duties. This task is not easily achieved with the current network security model, so perhaps managers resort to the option of doing nothing and "hoping for the best", (until there is an incident). Your post illustrates another example of the need for proper information-centric security, where access and audit control at the data file level on a per user basis is required.

One of the biggest barriers to protecting private data is the lack of an intuitive and practical security management framework that easily maps business roles and rules into security policies that can be enforced. That is probably why there is so little attention paid to common sense principles such as least privilege and separation of duties.

This task is not easily achieved with the current network security model, so perhaps managers resort to the option of doing nothing and “hoping for the best”, (until there is an incident).

]]>