Drupal provides several levels of control over your Website’s security. The basic security model includes the dual approach of authentication and authorization. Users are first prompted for authentication – a user ID and password that prove they are a legitimate user of the system. The next level is authorization – meaning that once they prove they are users of your system, they are granted only access to the functions and areas that they need.
In addition, Drupal’s user roles and permissions controls allow an administrator to define several different classes of users. This enables you to maximize your security by locking down certain areas of the site, or giving certain users permission to only author content (but not publish it), rather than handing over the keys to the entire site to any contributor. These access controls allow you to limit both which types of content users are allowed to work with and which actions they are allowed to perform with that content.
As you plan your Drupal site, DPCI will help you plan security policies that meet the specific needs of your organization. These might include defining user roles that fit your organizaiton and workflows, guidelines for password criteria, firewall recommendations, encryption for data being submitted to the site, or other measures designed to ensure that your data never falls into the wrong hands.