Monthly Archives: December 2013

Security and compliance

Security and compliance have many different aspects. In the list below, I try to provide an overview of these aspects. We have seen:

  • Authentication. Is the person really who he says he is?
  • Principal Propagation. If someone from system A issues a command that system B will start, system B needs to know whether that someone has the privilege to do so.
  • Encryption. Is the file or the table encrypted? This creates another layer of security. If someone gets access to the file or table without proper privileges, he is still not able to read the data without the encryption key.
  • Compliance. Are legal requirements followed?
  • Authorization. This indicates the privileges someone has.
  • Single Sign On. Some sets of applications need only one log-on procedure. Once the user is logged on, the other applications rely on that first log-on procedure.
  • User management. The maintenance of the list of persons and system accounts and their privileges.
  • Logging. A document or file that contains a list of the events that have taken place.
  • Archiving. Storage of obsolete files.
  • Auditing. The process of verifying that the business process works properly.