Posted on 7/8/2022 9:46:18 PM
Background: The first time I heard a colleague talk about a Break Glass system was in this context: if you want to view data in the production database, you must first obtain temporary access credentials from the Break Glass system, and only through those temporary credentials can you view the production data. Usually the temporary permissions are narrow: only the minimum permissions needed to complete the task are granted. Simply put, permissions are assigned on demand, with as few unnecessary permissions as possible. For example, access to the production database is read-only, or even read-only on certain tables only.
Break Glass (named after breaking the glass to pull a fire alarm) refers to a quick means for people without access to gain it when necessary. Systems containing primary source data (information) for treatment must have break-glass procedures developed, documented, implemented, and tested, to be used when access to ePHI is required in an emergency. These systems must have a clearly stated and widely understood procedure for allowing access through alternative and/or manual methods.
In computing, "Break Glass" is the act of checking out system account passwords to bypass normal access control procedures in critical emergencies. It gives users immediate access to accounts they would not normally be able to use. The method is typically used for the highest-privilege system accounts, such as the root account on Unix or SYS/SA on a database. These accounts are highly privileged, and the break-glass process limits them with a password validity period, with the aim of controlling the use of the account and reducing it to the point where it is absolutely necessary to complete a specific task.
Break glass is a quick way to extend an individual's access in special situations and should only be used when normal processes are insufficient (e.g., the help desk or system administrator is unavailable). Examples of situations in which break-glass emergency access may be required are account, authentication, and authorization problems. In many companies there are critical tasks that, in exceptional circumstances, must be performed by people who are not normally allowed to perform them. For example, a junior physician may perform certain tasks of a senior physician in an emergency.
Break glass solutions are based on pre-provisioned emergency user accounts that are managed and distributed in a way that makes them quickly available without unreasonable administrative delay. Break glass accounts and the distribution procedure should be documented and tested as part of implementation and carefully managed so that they provide timely access when needed.
It is best practice to place pre-provisioned emergency accounts under the responsibility of an individual, such as an emergency account manager, who is readily available during business hours and understands the sensitivity and priority of emergency accounts. This person distributes the account using a check-out method, requiring the requester to provide an acceptable form of identification and documenting it before the account is made available.
When emergency accounts are used, it is essential to monitor them carefully and audit them regularly. In addition, the system should alert the security administrator when an emergency account is activated. When the task is completed, the administrator ensures that the account is properly closed and a new one established.
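As an added illustration (not code from the original post), here is a small Python model of the break-glass flow described above: identity is verified before anything is issued, the credential is read-only and limited to named tables, its lifetime is capped, every activation raises an alert and is written to an audit log, and closing it revokes the token. The class and method names, the in-memory store and the caller-supplied clock are assumptions.

```python
"""Minimal break-glass credential broker: time-bound, least-privilege, audited.
Constructed example; BreakGlassBroker and its in-memory store are assumptions."""
import secrets
from dataclasses import dataclass


@dataclass
class Credential:
    token: str
    requester: str
    tables: frozenset      # tables the holder may read (SELECT only)
    expires_at: float      # absolute time in seconds, same clock as `now`
    revoked: bool = False


class BreakGlassBroker:
    """Issues short-lived read-only credentials and records every event."""

    def __init__(self, max_ttl=900):
        self.max_ttl = max_ttl   # hard cap on credential lifetime (seconds)
        self.active = {}         # token -> Credential
        self.audit = []          # append-only event log for later review
        self.alerts = []         # messages raised to the security administrator

    def issue(self, requester, id_verified, reason, tables, ttl, now):
        # The account manager must check identification before check-out.
        if not id_verified:
            self.audit.append(("denied", requester, reason))
            raise PermissionError("identity not verified")
        ttl = min(ttl, self.max_ttl)   # never exceed the configured validity period
        cred = Credential(secrets.token_urlsafe(16), requester,
                          frozenset(tables), now + ttl)
        self.active[cred.token] = cred
        self.audit.append(("activated", requester, reason, sorted(tables), ttl))
        self.alerts.append(f"break-glass activated by {requester}: {reason}")
        return cred

    def authorize(self, token, action, table, now):
        """Return True only for SELECT on a permitted table with a live token."""
        cred = self.active.get(token)
        if cred is None or cred.revoked or now >= cred.expires_at:
            self.audit.append(("rejected", token[:6], action, table))
            return False
        allowed = action == "SELECT" and table in cred.tables
        self.audit.append(("allowed" if allowed else "rejected",
                           cred.requester, action, table))
        return allowed

    def close(self, token):
        """Revoke the credential once the task is finished."""
        cred = self.active.pop(token, None)
        if cred is not None:
            cred.revoked = True
            self.audit.append(("closed", cred.requester))
```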