When a new employee is hired, they are given a specific job title that carries with it certain ACL roles. Many of these roles are not used or required, thus allowing for the possibility of inappropriate access to certain information and possible exposure. When these employees change job titles, rarely if ever, are the ACL's updated.
Not only is this a critical information security issue, it is a security awareness issue. With awareness of this and a proactive and supportive C-Suite and above we can reduce this vulnerability to the security of information.
Friday, October 16, 2009
Subscribe to:
Comments (Atom)