Definition: The word, "rights", when used in the context of information security, relates directly to the word authorization. Users are granted or authorized to use specific resources. Generally the right to access an information asset is part of any information security plan. Among the privileges that a user can be granted is to be able to read a file, write to a file, run a file and to delete records. The technical manner in which access is granted to resources would be determined by the information infrastructure’s operating system and the characteristics of the network.
The details of who has the "right" to access assets is spelled out in an information security plan. Among the basic requisites is that the person responsible for security must know what assets are owned.
Its Relevance: Information infrastructure owners must address who has access to the resources of the system. The choices should be governed by the security principle, “need to know”. Users would only be allowed to work with resources for which they have been granted access. The policies and procedures should be spelled out in the organization’s information security plan. Without a security plan (and knowing what assets are to be protected) infrastructure owners are flailing in the dark.
Return from "Rights" to Words [P - R]