Control Access to Critical Information

You should always grant access rights to your information on a need-to-know basis. Otherwise you face the following security risks:

  • Unauthorised staff gain access to sensitive information e.g. payroll records.
  • Your information might be sabotaged.
  • You may breach the Personal Data (Privacy) Ordinance.

Access control

You can set up and apply access control policies in your IT systems to allow only particular groups of people to access specific types of data. For instance, staff in the personnel department may access payroll information, while staff in the marketing department cannot. Access rights should be granted on a need-to-know basis only.

Security Tips

  • Regularly review and update your access control policy.
  • Limit the number and scope of system administrators and users.
  • Grant access rights based on an individual's role rather than on a person-by-person basis.
  • Assign each user a unique user ID.
  • Educate users about the importance of information security and always remind them of security best practices.
  • Disable a user's account or remove a user's privileges once he/she leaves the company, or if the role of that person has changed.
  • Ensure that everyone has to log in and log out when accessing your system. The system should provide an automatic logoff feature that ends a session once the user has been idle for a pre-selected time period.
  • Deactivate a user account after multiple consecutive failed login attempts.
  • Use passwords that are difficult to guess. Learn how to properly handle passwords.
  • Consider using biometric technology (e.g. fingerprint or face recognition) or smartcard technology for authentication.
  • Learn how to dispose of unwanted IT equipment safely and securely. There may be confidential information left behind.
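
An access review covering several of the tips above (role-based rights, unique user IDs, leavers, deactivation after failed logins, a limited number of administrators) can be automated. The Python script below is an added example, not part of the original page; the roles, thresholds and account records are constructed assumptions.

```python
from collections import Counter

# Assumed role-to-data policy (need-to-know); all names are constructed.
ROLE_POLICY = {
    "personnel": {"payroll", "staff_records"},
    "marketing": {"campaigns"},
    "it_admin": {"system_config"},
}
MAX_ADMINS = 1          # assumed cap on administrator accounts
MAX_FAILED_LOGINS = 5   # assumed lockout threshold

# Constructed sample accounts:
# (user_id, role, granted data, employed, enabled, consecutive failed logins)
ACCOUNTS = [
    ("u001", "personnel", {"payroll"}, True, True, 0),
    ("u002", "marketing", {"campaigns", "payroll"}, True, True, 0),
    ("u003", "marketing", {"campaigns"}, False, True, 0),
    ("u004", "it_admin", {"system_config"}, True, True, 7),
    ("u005", "it_admin", {"system_config"}, True, True, 0),
    ("u001", "marketing", {"campaigns"}, True, True, 0),
]


def review(accounts):
    """Return sorted (user_id, finding) pairs for accounts that break the policy."""
    findings = set()
    id_counts = Counter(acc[0] for acc in accounts)
    admins = [acc[0] for acc in accounts if acc[1] == "it_admin" and acc[4]]
    for user_id, role, granted, employed, enabled, failed in accounts:
        # Rights follow the role: anything outside the role's set is excess.
        excess = granted - ROLE_POLICY.get(role, set())
        if excess:
            findings.add((user_id, "access beyond role: " + ", ".join(sorted(excess))))
        if enabled and not employed:
            findings.add((user_id, "account still enabled after leaving"))
        if enabled and failed >= MAX_FAILED_LOGINS:
            findings.add((user_id, "not deactivated after repeated failed logins"))
        if id_counts[user_id] > 1:
            findings.add((user_id, "user ID is not unique"))
    if len(admins) > MAX_ADMINS:
        findings.add(("*", f"{len(admins)} administrator accounts, limit is {MAX_ADMINS}"))
    return sorted(findings)


if __name__ == "__main__":
    for user_id, finding in review(ACCOUNTS):
        print(f"{user_id}: {finding}")
```
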
 
 
     