Access Control Policy

Only available on StudyMode
  • Download(s) : 169
  • Published : December 19, 2012
Open Document
Text Preview
Associate Level Material
Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date: December 9, 2012

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

An authentication process establishes the identity of some entity under scrutiny. On the Internet, authentication is somewhat more complex. Network entities do not typically have physical access to the parties they are authenticating. Malicious users or programs may attempt to obtain sensitive information, disrupt service, or forge data by impersonating valid entities. Distinguishing these malicious parties from valid entities is the role of authentication, and is a vital role in network security.

2 Access control strategy

1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary access says that the information owner is overall responsible for the information stored on the server. This job could be delegated out amongst teams or could be owned by a CEO or Vice President of a company.

2 Mandatory access control

Describe how and why mandatory access control will be used.

Subjects and objects each have a set of security attributes. Whenever a subject attempts to...
tracking img