IT Baseline Protection Manual T 3.16 Incorrect administration of site and data access rights

T 3.16 Incorrect administration of site and data access rights

Access rights to an IT system, to stored data and to IT applications should only be granted to the extent required to carry out the necessary tasks. If these rights are administered incorrectly, the result can be a disruption of operations if necessary access rights were not granted, or security leaks if more rights were granted than required.

Example:

As a result of incorrect administration of access rights, a clerk is able to gain access to auditing data. By deleting specific entries, he is able to cover up his attempts to manipulate the computer because they will not appear in the log file any longer.
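
The following is an added example, not part of the original manual: a review that compares the rights administered for each user with the rights their role requires, and reports both failure modes described above (missing rights and excess rights), marking excess rights that allow audit data to be altered. All role names, user names, resources and the policy tables are constructed assumptions.

```python
# Added example: compare granted rights with the rights each role requires.
# Role names, users and resources are constructed sample data.

# Rights required per role: resource -> set of operations (assumed policy).
REQUIRED = {
    "clerk":   {"case_files": {"read", "write"}},
    "auditor": {"case_files": {"read"}, "audit_log": {"read"}},
}

# Rights actually administered per user (constructed; contains two mistakes).
GRANTED = {
    "alice": ("clerk",   {"case_files": {"read", "write"},
                          "audit_log": {"read", "delete"}}),
    "bob":   ("auditor", {"audit_log": {"read"}}),
}

AUDIT_RESOURCES = {"audit_log"}          # data that records user activity
TAMPER_OPS = {"write", "delete"}         # operations that can alter a log


def review(required, granted):
    """Return a sorted list of (user, kind, resource, operations) findings."""
    findings = []
    for user, (role, rights) in granted.items():
        needed = required.get(role, {})
        for resource in sorted(set(needed) | set(rights)):
            have = rights.get(resource, set())
            need = needed.get(resource, set())
            missing, excess = need - have, have - need
            if missing:   # too few rights: the user cannot do the job
                findings.append((user, "missing", resource, sorted(missing)))
            if excess:    # too many rights: a potential security leak
                kind = "excess"
                if resource in AUDIT_RESOURCES and excess & TAMPER_OPS:
                    kind = "excess-audit-tamper"  # could alter or erase log entries
                findings.append((user, kind, resource, sorted(excess)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(REQUIRED, GRANTED):
        print(finding)
```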


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
 