Access Control Policy

Associate Level Material
Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date: December 9, 2012

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems.

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

An authentication process establishes the identity of some entity under scrutiny. On the Internet, authentication is somewhat more complex: network entities typically do not have physical access to the parties they are authenticating. Malicious users or programs may attempt to obtain sensitive information, disrupt service, or forge data by impersonating valid entities. Distinguishing these malicious parties from valid entities is the role of authentication, and it is vital to network security.

2 Access control strategy

2.1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Under discretionary access control, the information owner is responsible overall for the information stored on the server. This responsibility could be delegated among teams or could be held by a CEO or Vice President of a company.

2.2 Mandatory access control

Describe how and why mandatory access control will be used.

Subjects and objects each have a set of security attributes. Whenever a subject attempts to



