Reply To: Week 1 Topic 1

[Boonyarat Kanjanapongporn]

I have experienced the situation when the confidentiality couldn’t be preserved but luckily it didn’t cause any damages.
At my previous workplace, Access control had been implemented by the design. There were username and password for each staff which had authority level to access and adjust information based on staff position. However,in practical situation, there were many days when the high authority staff were absent but the work needed high priority access urgently. Therefore, the username and password had to be shared among staff undeniably.
So far these situations didn’t cause any problems. It could be worse if people intentionally used other’s accessibility to adjust important information for personal benefits which could create problems to the password owner later.
Chances of losing ability to control information in this case were from security awareness. It could start with regular training for workforce to remind people about the importance of information security. Moreover, log-in monitoring and regular password renewing could help detect the suspicious log-in and limit the unexpected system access respectively.