General Security Principles
The following principles are fundamental to using any application securely.
Keep Software Up to Date
One of the principles of good security practice is to keep all software versions and patches up to date. Since all interactions with RPASCE applications occur via a web browser (either through the RPASCE Client or through the Object Store web interface) and the FTP, these must be maintained at their latest release level to ensure the security of customer information.
Follow the Principle of Least Privilege
The principle of least privilege states that users must be given the lowest privilege level required to perform their jobs. Overly ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization's life cycle when people are few and work must be done quickly, often leaves a system wide open for abuse. User privileges must be reviewed periodically to determine relevance to current job responsibilities.
Monitor System Activity
System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow the audit advice in this document and regularly monitor audit records.