Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IS/DPP for staff #5a - Access


Published on

An example of how the staff training on information security, data protection and privacy (IS/DPP) could look.
This part is on authorization and access rights, focussing on the staff's part in that.
The slides come with notes that in short explain the visuals on the slides.

Published in: Education
  • Be the first to comment

  • Be the first to like this

IS/DPP for staff #5a - Access

  1. 1. - Internal - IS/DPP Baseline Training E-learning – Part 5 – Access
  2. 2. 2 - Internal - Page There are “3rd Parties” and “3rd Parties” Environment Physical Human Device Application Repository Carrier Changes • In the regulatory environment • In processes • In people (JLT) • In technology Network Data 3rd Parties But important roles as well for: - HR - Line Management / Sponsor - All of Us
  3. 3. 3 - Internal - Page “No contract, no data” Prerequisite: Contract
  4. 4. 4 - Internal - Page The Rule
  5. 5. 5 - Internal - Page Request  Only ask those access rights you require.  If you no longer need access rights, inform IT or HR they can close them.
  6. 6. 6 - Internal - Page Authorization  Authorization is function / role based (“need-to- know”).  Authorizations are not always equal to access rights.
  7. 7. 7 - Internal - Page Access Rights  Access rights determine what you can see, not what you should look at in the context of your work (need- to-know). Your authorization and need-to-know always prevails on what you technically can.  Don’t use your access rights for private purposes, not even to look at your own data.
  8. 8. 8 - Internal - Page Access Rights Are Precious  Perform all your activities with your personal user ID.  Your personal user ID is being used only by you and no one else.  Do not share your access rights. 11 april 2017
  9. 9. 9 - Internal - Page Behind the Curtains  When you join ABC Group or a new unit your authorizations and access rights may be requested by HR and/or your line management.  ABC Group is also working on a periodic review of access rights in a cooperation between you, your line management, HR, and the Information Asset Owners.
  10. 10. 10 - Internal - Page Key Takeaways  You should only have access rights and use them as your job requires (need-to-know).  You should pro-actively (help) manage your access rights.  Your access rights are personal and should not be shared. 30 sec IS/DPP survival kit WrapUp