Analyzing Your Security Needs156 Red Hat Directory Server Deployment Guide • May 2005• To provide users and applications with access to the information they need toperform their jobs.• To protect sensitive data regarding employees or your business from generalaccess.If your directory serves an extranet or supports e-commerce applications over theInternet, in addition to the previous points, your concerns are:• To offer your customers a guarantee of privacy.• To guarantee information integrity.This section contains the following information about analyzing your securityneeds:• Determining Access Rights• Ensuring Data Privacy and Integrity• Conducting Regular Audits• Example Security Needs AnalysisDetermining Access RightsWhen you perform your data analysis, you decide what information your users,groups, partners, customers, and applications need to access.You can grant access rights in two ways:• Grant all categories of users as many rights as possible while still protectingyour sensitive data.If you choose this open method, you must concentrate on determining whatdata is sensitive or critical to your business.• Grant each category of users the minimum access they require to do theirjobs.If you choose this restrictive method, you must spend some timeunderstanding the information needs of each category of user inside, andpossibly outside, of your organization.No matter how you determine to grant access rights, you should create a simpletable that lists the categories of users in your organization and the access rightsyou grant to each. You may also want to create a table that lists the sensitive dataheld in the directory and, for each piece of data, the steps taken to protect it.
