This refers to a recent project we performed for a major Health Care Company. We designed and executed the migration to an enterprise-wide security system. It is the intent of this project was to provide a path to follow when creating or migrating to a security system. Initially, a primitive online security system was the only mechanism to control access to corporate data. The exposures were severe - there were no integrity controls outside of the online environment. Anyone with basic programming skills could add, change and/or delete production data.
A project plan was developed to identify tasks, assign resources and ensure milestones were met. The scope of the security initiative included creating an inventory of information assets, creating new objects (data within datasets), constructing new groups, and granting the appropriate permissions for access to the objects. Training documentation was created to instruct the users on how to access the new system, both in an interactive and batch mode. Onsite meetings were conducted to train the trainers, who in turn, provided mentoring and tutoring for their internal users.
After we concluded the project an independent audit conducted an exhaustive review of the security system, standards, procedures, and guidelines. We are proud to say that the auditors' final report did not identify any significant defects or material weaknesses associated with the security system.