Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:exception

Differences

This shows you the differences between two versions of the page.

wiki:policies:exception [2023/02/07 21:25]
katcow
wiki:policies:exception [2023/02/07 21:46] (current)
katcow
Line 22: Line 22:
   * An emergency situation requires violation of the relevant security policy.   * An emergency situation requires violation of the relevant security policy.
  
- +=== To Request an Exception===
-To request an exceptions+
  
 Email or slack the [[wiki:policies:infosec#information_security_organization|information security team]] to request an exception. You request must contain the following information:  Email or slack the [[wiki:policies:infosec#information_security_organization|information security team]] to request an exception. You request must contain the following information: 
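Review bot: The new heading "=== To Request an Exception===" is missing the space before its closing "===" and sits at a different level from the "===== Compliance =====" heading added later in this same revision; if the two are meant to be peer sections, give them the same marker count. The unchanged line under it still reads "You request must contain", which should be "Your request must contain" and could be fixed in the same edit.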
Line 40: Line 39:
 Steve would like to share Carl's Pizza Planet Account to order Pies for after-hour work events. This violates our access control policy, which Steve is well-acquainted with, as he pays close attention during annual trainings.  Steve's request might look like the following:  Steve would like to share Carl's Pizza Planet Account to order Pies for after-hour work events. This violates our access control policy, which Steve is well-acquainted with, as he pays close attention during annual trainings.  Steve's request might look like the following: 
  
-  * Request: I would like shared access to Carl'Planet Pizza online Accounts.  +  * Request: I would like share access to Carl's Pizza Planet online account.  
-  * Policy: Attaching the access control policy : [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:access]] +  * Policy: I'm attaching the access control policy: [[https://wiki.nested-knowledge.com/doku.php?id=wiki:policies:access]] 
-  * Application; Our account on the Pizza Planet web application, accessible at the website: https://www.pizza-planet.org. +  * Device/Application: Carl'account on the Pizza Planet web application, accessible at the website: [[https://www.pizza-planet.org/portal]]
   * Rationale: Pizza Planet only permits one account per each business credit card.   * Rationale: Pizza Planet only permits one account per each business credit card.
   * Duration: Four - Six months.    * Duration: Four - Six months. 
-  * Risk: Passwords shared online may be intercepted, compromising our account and credit card information. +  * Risk: Passwords shared online may be intercepted, compromising Carl'account and our business credit card information. 
-  * Mitigation: To limit risk, credentials will be shared face-to-face verbally. +  * Mitigation: To limit risks, credentials will be shared face-to-face verbally. We will change the account password every 6-8 weeks.  
 + 
 + 
 +===== Compliance ===== 
 +Policy exception requests will be reviewed monthly or as they occur
  
  
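Review bot: The added Compliance line, "Policy exception requests will be reviewed monthly or as they occur", does not say who reviews or approves a request, or whether the exception may be relied on before a decision is made; name the approver (the information security team referenced earlier, if that is the intent) and state that an exception takes effect only once approved. The sentence is also missing its closing period. In the example, the reworded Request line now reads "I would like share access", which dropped the "d" from the previous "shared access", and the Duration line still gives a range ("Four - Six months") where a single end date would make expiry checkable.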
wiki/policies/exception.1675805145.txt.gz · Last modified: 2023/02/07 21:25 by katcow