Granularity of access needs to follow the “least privilege” principle: give the minimum set of privileges needed to fulfill a task, and no more. For example, access to a function or area in a screen should be completely denied to someone who does not need it. In other cases, access can be restricted to certain records or areas of the database, or to partial data within the record if that is all that is needed. For an application to implement the correct granularity, the underlying technologies need to support this. Security aspects, then, become the criteria in selecting tools and technologies.
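The three granularities named above (function, record, field within the record) can be enforced in one deny-by-default check. The following is an added example, not code from the book; the role names, the policy table and the patient records are constructed for illustration, and `view_patient` and `can_call` are hypothetical application functions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    user: str
    role: str


# Constructed policy table.  Each role lists the functions it may call,
# whether it is confined to records assigned to it, and the fields it may see.
POLICY = {
    "clerk":   {"functions": {"view_patient"},
                "own_records_only": True,
                "fields": {"id", "name", "ward"}},
    "doctor":  {"functions": {"view_patient", "update_patient"},
                "own_records_only": True,
                "fields": {"id", "name", "ward", "diagnosis"}},
    "billing": {"functions": {"view_patient"},
                "own_records_only": False,
                "fields": {"id", "insurance"}},
}

# Constructed sample records; "assigned_to" names the users allowed to see them.
PATIENTS = {
    1: {"id": 1, "name": "Patient One", "ward": "3B", "diagnosis": "dx-1",
        "insurance": "PLAN-A", "assigned_to": {"clerk1", "doc1"}},
    2: {"id": 2, "name": "Patient Two", "ward": "5C", "diagnosis": "dx-2",
        "insurance": "PLAN-B", "assigned_to": {"doc2"}},
}


class AccessDenied(Exception):
    """Raised for every refusal; the reason is logged server-side, not shown."""


def can_call(principal, function_name):
    """Function-level check: may this role invoke the function at all?"""
    rule = POLICY.get(principal.role)
    return rule is not None and function_name in rule["functions"]


def view_patient(principal, patient_id):
    """Return only the fields the principal's role may see, or raise AccessDenied.

    Checks run coarsest first: function, then record, then fields.  An unknown
    role, an unknown record and an unassigned record all end the same way, so
    the caller learns nothing about what exists beyond its privileges.
    """
    if not can_call(principal, "view_patient"):
        raise AccessDenied("function not permitted for role")
    rule = POLICY[principal.role]
    record = PATIENTS.get(patient_id)
    # Record level: confine roles marked own_records_only to their assignments.
    if record is None or (rule["own_records_only"]
                          and principal.user not in record["assigned_to"]):
        raise AccessDenied("record not available")
    # Field level: copy only the permitted fields, never hand out the whole row.
    return {k: v for k, v in record.items() if k in rule["fields"]}


if __name__ == "__main__":
    print(view_patient(Principal("clerk1", "clerk"), 1))
    print(view_patient(Principal("bill1", "billing"), 2))
```

The policy is data rather than scattered `if` statements, which is what makes the granularity reviewable: adding a field to a role is a one-line change that a security review can see.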
Limiting Disclosure
Information disclosed should also be minimal (Figure 16.9). For example, if a user ID or password is incorrect, it is better to say “invalid username or password” instead of “user not found” or “incorrect password,” indicating more specifics. One's vacation auto-responder e-mail or one's voice-mail need not give details of one's vacation. If access is required for emergency situations, it could be arranged through an “air gap,” in the form of directions to contact another person, who can then provide further details, presumably after evaluating the request.
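The login-message example above, as an added illustration that is not from the book: `login_verbose` shows the message pair the text warns against, and `login_minimal` the single message it recommends. The user store, salt and passwords are constructed; `hmac.compare_digest` and `hashlib.pbkdf2_hmac` are standard-library calls.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    """Derive a fixed-length key from the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: one user with a salted hash.  A real store would use
# a random salt per user; one fixed salt keeps the example reproducible.
_SALT = b"constructed-fixed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Hash of a random value, used so that an unknown username costs the same work
# as a known one and the response path does not differ.
_DUMMY = _hash(os.urandom(16).hex(), _SALT)


def login_verbose(username, password):
    """'Before': two distinct messages tell the caller which part was wrong."""
    if username not in USERS:
        return (False, "user not found")
    salt, stored = USERS[username]
    if _hash(password, salt) != stored:
        return (False, "incorrect password")
    return (True, "ok")


def login_minimal(username, password):
    """'After': every failure yields the same message after the same work."""
    salt, stored = USERS.get(username, (_SALT, _DUMMY))
    ok = hmac.compare_digest(_hash(password, salt), stored) and username in USERS
    if not ok:
        return (False, "invalid username or password")
    return (True, "ok")


if __name__ == "__main__":
    print(login_verbose("bob", "x"), login_minimal("bob", "x"))
```

The second function also does the password hashing for unknown usernames, since a reply that is identical in wording but noticeably faster for non-existent accounts would disclose the same fact by another route; the specific reason for a refusal belongs in the server-side log, not in the response.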
There are ways of neutralizing sensitive data. Aggregation is one way of disclosing information secure data: a hospital may share data on diseases through statistical measures. It may reveal detailed data without actual names and identities being disclosed. The danger is that sometimes a lot more information gets revealed inadvertently. For example, if there are only two stores of a certain type in a zip code, and the “sale” totals about
Figure 16.9 Limiting disclosure.
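The inadvertent disclosure the passage describes (a statistical cell with one or two contributors, or a published total from which a hidden cell can be recovered by subtraction) can be caught before release. This is an added example, not from the book: the patient rows are constructed, the threshold `k` and the functions `aggregate` and `publish` are hypothetical, and the method shown is minimum-cell-count suppression followed by a simple complementary suppression of one further cell per row.

```python
from collections import Counter

# Constructed hospital rows: (zip_code, disease).  No names are kept, yet the
# single "rare-condition" case in 10001 would identify a person if published.
ROWS = (
    [("10001", "flu")] * 5 + [("10001", "cold")] * 4 + [("10001", "rare-condition")]
    + [("10002", "flu")] * 3 + [("10002", "rare-condition")] * 2
)


def aggregate(rows):
    """Plain counts per (zip, disease): the 'statistical measure' the text describes."""
    return Counter(rows)


def publish(rows, k=3):
    """Release counts per zip code, hiding cells with fewer than k contributors.

    Primary suppression hides any cell with 1..k-1 contributors (true zeros are
    kept).  If a row then has exactly one hidden cell and its total is published,
    the hidden value is total minus the visible cells, so a second, smallest
    non-zero cell is hidden as well; if none exists, the total is hidden instead.
    Hidden values are reported as None.
    """
    counts = aggregate(rows)
    zips = sorted({z for z, _ in rows})
    diseases = sorted({d for _, d in rows})
    released = {}
    for z in zips:
        cells = {d: counts.get((z, d), 0) for d in diseases}
        total = sum(cells.values())
        hidden = {d for d, n in cells.items() if 0 < n < k}
        if len(hidden) == 1:
            others = [d for d, n in cells.items() if d not in hidden and n > 0]
            if others:
                hidden.add(min(others, key=lambda d: cells[d]))
            else:
                total = None
        row = {d: (None if d in hidden else n) for d, n in cells.items()}
        row["total"] = total
        released[z] = row
    return released


if __name__ == "__main__":
    print(aggregate(ROWS)[("10001", "rare-condition")])  # the singleton cell
    for z, row in publish(ROWS).items():
        print(z, row)
```

On the constructed rows the naive aggregate publishes the singleton cell for zip 10001; `publish` hides it and, because the row total stays visible, also hides the "cold" cell so the singleton cannot be recovered by subtraction. Real statistical-disclosure-control practice goes further (suppression across columns, rounding, noise), but the minimum-count rule is the check that catches the two-stores case in the text.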