SecurityFocus

web form filling bots Jun 28 2012 04:17PM
Anwar Khan (anwarrhce gmail com) (3 replies)

RE: web form filling bots Jun 28 2012 05:26PM
Nick Schroedl (NSchroedl mullen-group com)

Re: web form filling bots Jun 28 2012 04:51PM
Rob (synja synfulvisions com) (1 replies)

RE: web form filling bots Jun 28 2012 06:20PM
Sandeep Cheema (51l3n7 live in) (1 replies)

data level entitlements Jun 28 2012 07:07PM
Thugzclub (thugzclub googlemail com) (2 replies)

Re: data level entitlements Jun 29 2012 12:23AM
Jeffrey Walton (noloader gmail com)

Re: data level entitlements Jun 28 2012 10:08PM
Vic Vandal (vvandal well com)

Your question is a bit vague. My interpretation of that term would be that you want to know about recording and tracking access approvals at the data level. For example, an auditor asks to show evidence that access to a certain set of sensitive data was duly authorized, and that the data access is restricted to only those who have the documented authorization. Who is entitled to access the data, who granted them that entitlement, when was it granted, is the access still valid, etc.

If that's what you mean, are you asking about references/links to commercial or open source apps to provide that sort of authorization tracking and reporting?
Most standard helpdesk ticketing systems can provide that view. Someone requests access to some specific sensitive data, someone approves the access, and someone grants the access. All of that information should be in the ticketing system, and then be available for reporting purposes as needed.

If you need recurring (monthly/quarterly/annually) authorizations, there are some applications that can provide that sort of tracking and approval management. I can't recommend any specific ones because I haven't used them personally. We use a home-grown system for that purpose where I work.

-Vic

----- Original Message -----
From: "Thugzclub" <thugzclub (at) googlemail (dot) com [email concealed]>
To: listbounce (at) securityfocus (dot) com [email concealed], security-basics (at) securityfocus (dot) com [email concealed], pen-test (at) securityfocus (dot) com [email concealed]
Sent: Thursday, June 28, 2012 3:07:12 PM
Subject: data level entitlements

All,

Does anybody know where I can get some info on "data level entitlements"

Cheers

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]

Re: web form filling bots Jun 28 2012 04:25PM
TAS (p0wnsauc3 gmail com)