But when we get down to the nitty gritty (the brass tacks if you will), security can be simplified by six simple questions:
WHO is logging in?
WHAT are they accessing/viewing?
WHERE is the device from which that person logs in?
WHEN was any asset changed/modified/moved
HOW are they authorised/credentialed?
WHAT is the impact of the event?
Now determining the answers to those questions might require a bit of coordination, but in terms of initiative and priority, it is the answers to the above questions that must drive any enterprise security initiative.
The concept of enterprise security is simple. Allow those who you want to see and access data in, and everyone else out. Of course the addendum to that is those that are …