For years NIST has established the generally accepted definition of roles based access (http://csrc.nist.gov/rbac). No one has challenged the prescriptive parameters outlined by NIST. Every role must have an assignment, every role must be authorized for a subject, and transactions can only…
Security awareness training usually incorporates web security topics. The message needs to be brief and relevant to non-techies, so they will pay attention. Consider focusing the audience’s attention on the browser—a tool that, for most people, personifies the web both at home and at work.
