It 244 Appendix F

Only available on StudyMode
  • Download(s) : 186
  • Published : July 9, 2012
Open Document
Text Preview
Associate Level Material
Appendix F

Access Control Policy
IT/244 Intro to IT Security
Access Control Policy
Authentication
Authentication credentials verify that the identification credentials given to a system, which one has established proving that one is who one has claimed to be are authentic. This prevent persons without the being granted access from viewing information which is not intended for him or her. This process could be as simple as a password; or it could be as elaborate as a biometric hand print scan, retinal scan, and a key. This is all subject to nature of what is being protected; items in a safety deposit box to information on a government or business mainframe. Access control strategy

Discretionary access control
First of all with discretionary access control the individual or company who owns information gets to decide which people or work stations are allowed access to said information. The owner can then authorize other people to dictate access to the information making them responsible for the data. With the least privilege principle the people or parties responsible for the delegation of information can then allow other only enough information which allows one to do his or her specific job and nothing more. This is used in Windows, Mac, and other operating systems of today Mandatory access control

Mandatory access control is used to determine who has access to what, the higher the clearance the less restricted one is. For example, if one has clearance to access level E information on a system then that is all he or she can access. However, if one has the credentials to access level B information he or she would also be allowed to access information on level C, level D, and level E. Essentially the higher the information clearance one has the more information one is able to access. Role-based access control

Describe how and why role-based access control will be used. With role based access control the parties,...
tracking img