Role-Based Computer Access

Aug 1, 2003 12:00 PM, Trey Guerin and Richard Lord



Those responsible for IT security in the government need to be aware of who is accessing their systems, from where, for how long, and for what purpose. Role-based access control (RBAC) provides a practical and effective way to accomplish the task.

Built on secure data repositories, the RBAC model grants user access according to roles within the organization and the attributes attached to those roles. While challenging to design and implement, RBAC systems can be tailored to each agency's business model and level of risk tolerance relative to data security.

Here are eight steps to a successful RBAC technology solution:

  1. Identify the organizational challenges driving the need for an access control solution.

  2. Articulate the goals and value proposition of implementing an RBAC system.

  3. Design the system's framework to extract maximum value and ROI.

  4. Formulate an implementation methodology, including project management, timeline and budget, and a set of benchmarks and milestones against which to measure progress.

  5. Compile information on existing information systems (hardware, operating systems and applications) and determine the level of security needed to protect them. This decision should be based on the degree of confidentiality and security required by the agency's core mission, business and customer service needs, and statutory and/or regulatory requirements.

  6. Define all roles across the organization and determine the level of access required by each role to enable effective job performance.

  7. Formulate an automated workflow strategy detailing how roles will be changed or updated, how new users will be registered under their appropriate roles, and how accounts will be terminated when employees depart.

  8. Plan for education and organizational change. Ideally, this should originate at the executive and managerial levels to ensure compliance and speed-to-value.

In addition to providing an appropriate level of information security for government agencies, RBAC has proven helpful in streamlining and automating a multitude of transactions and business processes, resulting in higher efficiency and productivity for employees across the organization.


Trey Guerin is CEO and Richard Lord is vice president of Network Security Consulting, L.L.C., Columbia, Md.

© 2008 Penton Media Inc.
