Why use access control?
We are used to insuring valuable property such as boats, houses,
commercialproperties and cars. How can we insure ourselves against data getting
into thewrong hans, or unauthorized users gaining access to the internal
computernetwork? Who is responsible for any losses incurred?The value of data
varies from one company to another. Even rumors can have serious effects if
sensitive information goes astray. Companies are running a considerable risk
with employees roaming the world, carrying important information on their
portable computers. If a computer isstolen on a business trip, that important
project could easily end up as reading matter on the
Internet or in the Washington Post. Companies also
have a moral obligation to protect personal information stored on
computer, even if the loss of such data would not damage the company in financial
terms. If an organization asks its employees to supply personal data, it also
has a responsibility to store it safely. The safe way to store data is in encrypted form.
It is difficult to
judge how sensitive an organization is to the loss of data. Nevertheless,
you should be able to answer the following questions:
1. What if internal data gets into the wrong hands?
2. What if unauthorized users make changes to data?
If the consequences of either of the above are negative, you
could do a simple sum showing how much an access control product would cost, set
against any possible losses. Note that the quality of access control products
varies considerably. You should choose the product
that meets your specific requirements.
Windows Privacy Tools - http//www.privacywindows.com