richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iso27diy-corp/Corpus/Information Security/Roles in Identity and Access Management (IAM).md

5.2 KiB
Raw Permalink Blame History

Roles in Identity and Access Management (IAM)

See also: Access Control Models

Rollen in autorisatiebeheer

  • Wie bepaalt de autorisaties per rol? opstellen autorisatiematrix (autorisaties per rol)
  • Wie wijst de autorisaties toe aan personen? - toekennen rol(len) aan persoon
  • Wie configureert het in het systeem?
  • Wie controleert periodiek of het klopt?

In general

In the context of assigning rights to information access and administrative privileges within software applications, the roles of Data Owner, Data Steward, IT Administrator, Security Officer, and User play distinct and interconnected parts:

Data Owner:

  • Role: The Data Owner is an individual or a business unit that is responsible for the data within the organization. They have ultimate accountability for the data's use, quality, and security.
  • Responsibilities:
    • Define who should have access to the data and what level of access is required.
    • Set data protection policies and ensure compliance with legal and organizational standards.
    • Approve access requests and make decisions about data usage.
    • Oversee data lifecycle management, including data classification and retention.

Data Steward:

  • Role: The Data Steward acts as a custodian of data on behalf of the Data Owner, ensuring that data governance policies are implemented and adhered to.
  • Responsibilities:
    • Maintain data quality, integrity, and protection.
    • Implement data management policies and procedures established by the Data Owner.
    • Facilitate data accessibility for authorized users and ensure security measures are applied.
    • Monitor and audit data usage to ensure compliance with established guidelines.

IT Administrator:

  • Role: IT Administrators are responsible for the technical implementation and maintenance of IT systems, including managing access controls and user accounts.
  • Responsibilities:
    • Implement and manage access control systems and permissions according to policies defined by Data Owners.
    • Ensure systems are secure, updated, and operating efficiently.
    • Troubleshoot and resolve access-related issues for users.
    • Collaborate with security personnel to enforce security measures and monitor for breaches.

Security Officer:

  • Role: The Security Officer focuses on protecting an organization's data and IT infrastructure from breaches and ensuring compliance with security policies.
  • Responsibilities:
    • Develop, implement, and oversee security policies and procedures to safeguard data.
    • Conduct risk assessments and audits to identify vulnerabilities.
    • Respond to security incidents and breaches by implementing corrective actions.
    • Provide guidance and training to staff on security best practices and compliance requirements.

User:

  • Role: Users are the individuals or entities that require access to data and applications for daily operational tasks.
  • Responsibilities:
    • Access and use data and applications in compliance with organizational policies and procedures.
    • Protect access credentials and report any security incidents or suspicious activities.
    • Adhere to data handling and privacy standards set forth by Data Owners and Security Officers.
    • Participate in relevant training programs to stay informed about security practices.

Each of these roles contributes to a comprehensive framework for managing information security, ensuring that applications and data are accessed appropriately and remain protected from unauthorized access or misuse. The coordination between these roles helps in aligning technical controls with organizational policies to maintain security and compliance.

IAM for Google Cloud

Source

Basic roles

Role Permissions
Viewer Permissions for read-only actions that do not affect state, such as viewing (but not modifying) existing resources or data.
Editor All viewer permissions, plus permissions for actions that modify state, such as changing existing resources.
Owner All Editor permissions and permissions for the following actions: - Manage roles and permissions for a project and all resources within the project. - Set up billing for a project.

Access approval roles

Role Permissions
Approver Act on access approval requests
Editor Update the Access Approval configuration
Invalidator Invalidate approved requests
Viewer View access approval requests and configuration