e-businessguide - An Australian guide to doing business online

Who should be authorised to access data?

Employees at various levels throughout an organisation will require access to different types of information and data. This sometimes applies to contractors working within your business.

Authorisation refers to the granting of access rights to data, software and communications, based on the allocation of tasks to the users to allow them to perform their job.

For example, all employees may need to access word processing software, but are only granted rights to directories containing files that are directly relevant to them. The same applies to spreadsheet software. All users may need access to the software but only certain people can have access to the company's financial records created using that software. In this case, access to the software is unrestricted, but access to files containing data is provided on a restricted basis.

What to do

  • Access to sensitive or confidential data (personnel files, financial records, customer details, sales figures, planning documents) should be on a need-to-know basis only.
  • All users must have individual accounts (an account is simply all the access rights a user is entitled to), and accounts must never be shared.
  • Job roles must be clearly defined and user accounts set up to support these roles.
  • All users must have documented acknowledgement of their rights and responsibilities related to access authorisations. This should include the company policy on "acceptable use" of systems, including hardware and software, communications including email and Internet, and the use of peripheral equipment such as printers and scanners.
  • As employees' roles change, their access privileges may need to change, so authorisations should be reviewed regularly and modified to ensure appropriateness.
  • Access control procedures must be documented, implemented and reviewed periodically.
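
Part of the regular review described in the list above can be automated. The following is an added example, not part of the original guide: it checks each account against its documented job role and reports shared accounts, missing acceptable-use acknowledgements and access that exceeds the role. All role names, directories and accounts are constructed for illustration.

```python
# Added example: periodic access review against documented job roles.
# All role names, directories, users and grants below are constructed.

# Job role -> data directories that role needs (need-to-know).
ROLES = {
    "accounts": {"/data/finance", "/data/customers"},
    "sales": {"/data/customers", "/data/sales"},
    "reception": set(),  # software only, no restricted data
}

# Account -> current state. "people" lists everyone who logs in with it.
ACCOUNTS = {
    "jlee": {"role": "accounts", "people": ["J. Lee"],
             "grants": {"/data/finance", "/data/customers"}, "policy_signed": True},
    # Moved from accounts to sales; the old finance grant was never removed.
    "mtran": {"role": "sales", "people": ["M. Tran"],
              "grants": {"/data/finance", "/data/customers", "/data/sales"},
              "policy_signed": True},
    "frontdesk": {"role": "reception", "people": ["A. Ng", "B. Roy"],
                  "grants": set(), "policy_signed": False},
    "contractor1": {"role": "webdev", "people": ["C. Diaz"],
                    "grants": {"/data/customers"}, "policy_signed": True},
}


def review(accounts, roles):
    """Return a sorted list of (account, finding) tuples for follow-up."""
    findings = []
    for name, acct in accounts.items():
        if len(acct["people"]) != 1:
            findings.append((name, "shared account: " + ", ".join(acct["people"])))
        if not acct["policy_signed"]:
            findings.append((name, "no signed acceptable-use acknowledgement"))
        allowed = roles.get(acct["role"])
        if allowed is None:
            # An undefined role has no documented need, so every grant is excess.
            findings.append((name, "role not defined: " + acct["role"]))
            allowed = set()
        for path in sorted(acct["grants"] - allowed):
            findings.append((name, "grant exceeds role: " + path))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in review(ACCOUNTS, ROLES):
        print(f"{account}: {finding}")
```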

As additional functions, features and capabilities are added to your company website, overall security should be adequately controlled. User access policies and procedures should be developed and implemented to ensure that an appropriate level of access is allowed.

For example, you may want certain suppliers to have access to your system to share data such as inventory records, or to support automatic ordering and re-stocking processes. You should ensure that appropriate security controls are in place so that this access point cannot be used to reach other parts of your network that hold confidential and sensitive information.

Last updated 16 May 2009