Determining security objectives

An important step in defining and implementing an effective security plan is to determine your security objectives.

About this task

Suppose that the Spiffy Computer Company management team determines the following security objectives:
  • Managers can see, but not update, all of the employee data for members of their own departments.
  • Managers of managers can see all of the data for employees of departments that report to them.
  • The employee table resides at a central location. Managers at remote locations can query the data in the table.
  • The payroll operations department makes changes to the employee table. Members of the payroll operations department can update any column of the employee table except for the salary, bonus, and commission columns.
  • Members of payroll operations can update any row except for rows that are for members of their own department. Because changes to the table are made only from a central location, distributed access does not affect payroll operations.
  • Changes to the salary, bonus, and commission columns are made through a process that involves the payroll update table. When an employee's compensation changes, a member of the payroll operations department can insert rows in the payroll update table. For example, a member of the payroll operations department might insert a row in the compensation table that lists an employee ID and an updated salary. Next, the payroll management group can verify inserted rows and transfer the changes to the employee table.
  • No one else can see the employee data. The security plan cannot fully achieve this objective because some ID must occasionally exercise SYSADM authority. While exercising SYSADM authority, an ID can retrieve any data in the system. The security plan uses the trace facility to monitor the use of that power.
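The objectives above can be expressed as Db2 views and grants. The following is an added sketch, not code from the original page or from IBM. Every table, column, view, department and authorization ID name in it (EMP, DEPT, PAYROLL_UPDATE, MGRGRP, PAYOPS, PAYMGRS, 'P01') is an assumption, as is the convention that a manager's authorization ID equals the manager's employee number.

```sql
-- Assumed schema (hypothetical names, not from the page):
--   EMP(EMPNO, FIRSTNME, LASTNAME, WORKDEPT, PHONENO, JOB, SALARY, BONUS, COMM)
--   DEPT(DEPTNO, MGRNO, ADMRDEPT)   -- MGRNO = manager's EMPNO, ADMRDEPT = parent dept
--   PAYROLL_UPDATE(EMPNO, NEW_SALARY, NEW_BONUS, NEW_COMM)
-- Assumed IDs: MGRGRP (all managers), PAYOPS (payroll operations, dept 'P01'),
--   PAYMGRS (payroll management). Assumed: a manager's authorization ID = EMPNO.

-- Managers see, but cannot update, rows for their own department.
-- USER resolves at run time, so one view serves every manager.
CREATE VIEW EMP_MY_DEPT AS
  SELECT E.* FROM EMP E
  WHERE E.WORKDEPT IN (SELECT D.DEPTNO FROM DEPT D WHERE D.MGRNO = USER);
GRANT SELECT ON EMP_MY_DEPT TO MGRGRP;          -- SELECT only: no UPDATE

-- Managers of managers see rows for departments that report to them.
-- This covers one reporting level; deeper hierarchies need more nesting.
CREATE VIEW EMP_REPORTING_DEPTS AS
  SELECT E.* FROM EMP E
  WHERE E.WORKDEPT IN
        (SELECT D.DEPTNO FROM DEPT D
         WHERE D.ADMRDEPT IN
               (SELECT M.DEPTNO FROM DEPT M WHERE M.MGRNO = USER));
GRANT SELECT ON EMP_REPORTING_DEPTS TO MGRGRP;

-- Payroll operations: every column except SALARY, BONUS, COMM, and every
-- row except their own department. WITH CHECK OPTION rejects an update
-- that would move a row into 'P01', where the view could no longer see it.
CREATE VIEW EMP_PAYOPS AS
  SELECT EMPNO, FIRSTNME, LASTNAME, WORKDEPT, PHONENO, JOB
  FROM EMP
  WHERE WORKDEPT <> 'P01'
  WITH CHECK OPTION;
GRANT SELECT, UPDATE ON EMP_PAYOPS TO PAYOPS;

-- Compensation changes go through the payroll update table:
-- operations can only insert; management verifies and applies.
GRANT INSERT ON PAYROLL_UPDATE TO PAYOPS;
GRANT SELECT ON PAYROLL_UPDATE TO PAYMGRS;
GRANT UPDATE (SALARY, BONUS, COMM) ON EMP TO PAYMGRS;

-- "No one else": nothing is granted on the base EMP table to anyone
-- other than PAYMGRS, and nothing is granted to PUBLIC. An ID exercising
-- SYSADM authority can still read EMP, which is why the plan relies on
-- the trace facility to monitor that use.
```

Because no privilege on EMP itself goes to MGRGRP or PAYOPS, the views are the only path those IDs have to the data, so the row and column limits cannot be bypassed with a direct query.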