Access Control Policy

Topics: Access control, Authentication, Computer security Pages: 4 (703 words) Published: December 19, 2012
Associate Level Material
Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date: December 9, 2012

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

An authentication process establishes the identity of some entity under scrutiny. On the Internet, authentication is somewhat more complex. Network entities do not typically have physical access to the parties they are authenticating. Malicious users or programs may attempt to obtain sensitive information, disrupt service, or forge data by impersonating valid entities. Distinguishing these malicious parties from valid entities is the role of authentication, and is a vital role in network security.

2 Access control strategy

1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary access says that the information owner is overall responsible for the information stored on the server. This job could be delegated out amongst teams or could be owned by a CEO or Vice President of a company.

2 Mandatory access control

Describe how and why mandatory access control will be used.

Subjects and objects each have a set of security attributes. Whenever a subject attempts to...

References: Cite all your references by adding the pertinent information to this section by following this example.
Merkow, M., & Breithaupt, J. (2006). Information Security: Principles and Practices. Upper Saddle, NJ: Prentice Hall.
Rouse, M. (June 2007). authentication. Retrieved from http://
Techotopia. (July 20, 2009). Mandatory, Discretionary, Role and Rule Based Access Control. Retrieved from http://,_Discretionary,_Role_and_Rule_Based_Access_Control
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • It 244 Access Control Policy Appendix F Essay
  • Essay about Access Control Policy
  • Company Policy Essay
  • Essay on Access Control Policy
  • Lab3 Enabling Windows Active Directory and User Access Controls Essay
  • Information Security Policy Essay
  • The Role Of Information Security Policy Essay
  • Acceptable Use Policy Essay

Become a StudyMode Member

Sign Up - It's Free