SYSTEM SECURITY

Introduction

The System Security Module ensures full system security. It has a comprehensive permissions infrastructure, the means to secure sensitive information, full data integrity checking, and the facility to set up and produce audit trail analyses.

Features

  • Full user-controlled system access
  • Establish who and what will be tracked
  • Perform an audit trail analysis (find out who did what and when)
  • PCs can be set to lock themselves after a certain number of minutes
  • All restricted information is encrypted
  • Access to confidential/sensitive information controlled

Contents

Security Settings

User Accounts

Locking your PC

Audit Trial Setup

Audit Trial Analyses

Sensitive Information

 

 


Security Settings

The system can be set to automatically perform the following:

  • Locking PC - Automatically lock PCs after X minutes of inactivity. Default is 5 minutes.

 

User Accounts

User accounts control the system access that a user has.

Details:

  • Database Passwords - All database login information is encrypted.
  • User Logins - Each user of TS School must have a login account. A login account consists of a unique username and a password. Passwords have to be at least 6 characters long. All passwords are encrypted.

 

Locking your PC

You may often have to quickly go somewhere whilst in the middle of working with confidential information, or you may simply be a user that has a lot of access throughout the system and it would be damaging for someone to access, change or even delete critical information while your back is turned. Being a user with a login, you will naturally be held accountable for everything that happens under your user login. Instead of your having to log out each and every time you need to go somewhere, you can simply secure your PC by clicking the Lock PC button. To unlock your PC, simply enter your password.

Automatic Locking

The system can be set to automatically lock a PC after X number of minutes of inactivity (the default is 5 minutes).

 

Audit Trail Setup

Audit trials reveal user activity in the system (i.e. who did what and when). In order have a record of user activity, the criteria for capturing user activity have to first be set up so that TS School knows what to capture in first place. The Audit Trial Setup screen is used for this as follows:

  • Processes – Indicate which processes to track
  • Staff – Indicate which staff members to track
  • Learners – Indicate which learners to track

Audit Trails trace who inserted, changed or deleted what information in what row in what table and when. This is useful in determining who did what and when after the event.

 

Audit Trail Analyses

Audit trail analyses determine who did what and when.

The question

The criteria for an audit trail analysis are as follows:

  • Transaction Type – The type of database transaction
  • Insertions – information that was added to the database for the first time.
  • Updates – Information that was changed (shown are what the information was and what it was changed to)
  • Deletions – Deleted information (shown are what the information was before it was deleted)

 

  • Date Range – The start and ending dates of the analysis of user activity.
  • Categories – This is a quick way for determining exactly what you want to know in the analysis.
  • For example, you may want to know who changed the description of the Class Administrator user group.
  • Firstly, we are dealing with user groups, so select the User Groups category.
  • Once the category is selected, all the processes associated with the category are shown.

 

  • Processes – Shows all the applicable processes whereby one can filter. In our example, since we are interested in user groups check the User – Groups process.
  • Regarding – Targets a specific object in question. In our example, we are interested in the Class Administrator user group, so check that.
  • Users – Indicate who you want to include in your analysis. Typically, all users are simply checked.

 

The Answer

Shown is a basic analysis:

  • Date and Time – of the transaction
  • Name – Title, Surname, first name, second name (employee number)
  • Action – A brief description of what took place (e.g. Changed details for user group Class Administrator)

 

Sensitive Information

The School Principal may not want certain people getting hold of certain sensitive information. Such information includes the following:

Sensitive Staff Info:

  • Staff Discipline
  • Staff Awards
  • Staff Experience
  • Staff Qualifications
  • Staff Appraisals
  • Staff Medical Condition

Sensitive Learner Info:

  • Learner Merits
  • Learner Demerits
  • Learner Discipline
  • Learner Awards
  • Learner Marks
  • Learner Medical Condition

 

© Copyright 1993 - 2012 Time Software. All Rights Reserved.