Security Governance
Posted on 11. Jun, 2009 by Tristan
in audit logging, governance, model
SharePoint security governance centers on ensuring the confidentiality, integrity, and availability of information and services, while also ensuring that operational activities meet relevant compliance requirements.
In establishing a workable SharePoint security governance model, it is important to consider who is responsible for what. An example governance model is depicted below.
A governance model is established through:
- Identifying appropriate roles and responsibilities;
- Structuring the roles and responsibilities to achieve proper accountability and delegation;
- Determining security activities;
- Establishing processes for the continual monitoring and control of activities;
- Ensuring that these activities take place.
Example security roles and responsibilities
| Responsibility | Assigned to | Escalates to |
| --- | --- | --- |
| Ensure appropriate access controls on information | Site owner | SharePoint Governance board |
| Ensure secure site configuration (e.g. audit logging) | IT administrator | SharePoint Governance board |
| Ensure secure infrastructure configuration | IT team | IT Director |
| ... | ... | ... |
Example security procedures
Procedures may be required to:
- Assess the business impact of change;
- Request access to sites;
- Request creation of new site / site collection / web application;
- Manage new user requests;
- Assess new SharePoint add-ins.
Example security activities
Secure site configuration in SharePoint includes:
- System administration;
- Content sensitivity assessment;
- Audit logging;
- Document versioning;
- Access controls.

