How Organization Security Requirements Are Defined

To determine the more specific security needs, consider the following issues:

| These organization requirements: | Affect these tasks: |
| --- | --- |
| Who requires access to the resources? How much access do they require? Can you categorize users with similar access requirements into groups? | Configuring user directory connections |
| Which resources require protection? Do different resources require different levels of protection? | Creating policy domains and realms |
| How sensitive and valuable is the information? How much do you trust your users? Are your users local or remote? What type of security do your users expect? Will you lose customers if security does not match their expectations? | Creating authentication schemes from authentication templates |
| Are there security guidelines, regulations, or laws your organization is required to meet? Do different objects require fine-grained protection or personalization? What type of actions do you want to control? | Defining rules |
| What type of security and controls do your users and customers expect? Do different groups of users require different views of the resource? What events should take place when a user is authenticated or authorized? | Defining responses |
| How will you implement your requirements? | Defining policies |


Copyright © 2010 CA. All rights reserved.