Access Control Policy
University of Phoenix
IT/244 Intro to IT Security
Date: December 9, 2012
Access Control Policy
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
An authentication process establishes the identity of some entity under scrutiny. On the Internet, authentication is somewhat more complex. Network entities do not typically have physical access to the parties they are authenticating. Malicious users or programs may attempt to obtain sensitive information, disrupt service, or forge data by impersonating valid entities. Distinguishing these malicious parties from valid entities is the role of authentication, and is a vital role in network security.
2 Access control strategy
1 Discretionary access control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.
Discretionary access says that the information owner is overall responsible for the information stored on the server. This job could be delegated out amongst teams or could be owned by a CEO or Vice President of a company.
2 Mandatory access control
Describe how and why mandatory access control will be used.
Subjects and objects each have a set of security attributes. Whenever a subject attempts to
References: Cite all your references by adding the pertinent information to this section by following this example. Merkow, M., & Breithaupt, J. (2006). Information Security: Principles and Practices. Upper Saddle, NJ: Prentice Hall. Rouse, M. (June 2007). authentication. Retrieved from http://http://searchsecurity.techtarget.com/definition/authentication Techotopia. (July 20, 2009). Mandatory, Discretionary, Role and Rule Based Access Control. Retrieved from http://http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control