Template content - Access control policy
Assign topic to the user
Please note that the original English text is "When allocating privileges the person responsible must take into account business and security requirements for access (defined in risk assessment), ..."
Considering this text, business and security requirements for access are not defined in the risk assessment. The risk assessment only provides additional information that must be considered when defining such accesses. An example of business requirement for access is remote access to some roles (e.g., sales staff, remote developers, etc.)
Comment as guest or Sign in
Oct 24, 2019