How do I know who is accessing my information?

Text only site | Graphic site

---

Site Navigation:

Understanding  |  Planning  |  Building  |  Protecting  |  Managing  |  Improving

---

In this section:

About protecting  |  Why be secure?  |  Where do I start?  |  What can I do?  |  Key issues  |  Top ten e-security tips

---

In this sub-section:

The security program lifecycle  |  Who will administer and manage the process?  |  Who should be authorised to access data?  |  How do I know who is accessing my information?  |  How do I keep track of everything?

---

Search For   

---

Authentication

Authentication is the process of ensuring that the correct user is identified as a trusted source and is authorised to conduct specific transactions.

The reason for having access controls is to permit access to information and technology on a need-to-know, job function-related basis and to ensure users cannot gain access to information and technology for which they are not authorised.

What to do

Establish access controls to ensure that:

• access to information and systems is limited to the minimal number of users
• system logs record who logs on, when, where and for how long, and track any deletions or modifications, changes to file or database structure
• additional workstations, systems and software are reviewed periodically.

Password protection

Passwords are the first line of defence against unauthorised access to information and systems.  

All new accounts should be given initial passwords that are set by administrators. Once in the system new users can specify their own password, following a set of password definition guidelines. 

What to do

Develop a password protection system for your business.  You and your staff should:

• Avoid passwords that would be readily identifiable or easy for anyone to guess (such as family names, birth dates)
• Use a mix of upper and lower case alpha, numeric and special characters
• Memorise your passwords and make sure that you do not write down your password or store it in easy to find places or file on or near your computer
• Use a completely new password every time you change your password and never reuse old passwords
• Avoid using dictionary or foreign words because hackers have many tools, such as dictionary programs, to assist them.  A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password
• Never share your password with anyone
• Never send your password via email
• Change your passwords regularly, at least every three months.

For more information on security issues, you might like to look at this fact sheet developed by DCITA as part of their publication, Trusting the Internet:

 Trusting the Internet Fact Sheet - How do I choose the best authentication system? (101 kb)

Next topic in this section >

---

Resources:
using this site | who can help | e-business training | e-business references | case studies | quick tools | glossary

---

Graphic site
Last date modified: 16 May 2009
Page URL: http://www.e-businessguide.gov.au/protecting/what/access