Access Control Policy

Topics: Access control, Authentication / Pages: 3 (703 words) / Published: Dec 19th, 2012
Associate Level Material
Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date: December 9, 2012

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

An authentication process establishes the identity of some entity under scrutiny. On the Internet, authentication is somewhat more complex. Network entities do not typically have physical access to the parties they are authenticating. Malicious users or programs may attempt to obtain sensitive information, disrupt service, or forge data by impersonating valid entities. Distinguishing these malicious parties from valid entities is the role of authentication, and is a vital role in network security.

2 Access control strategy

1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary access says that the information owner is overall responsible for the information stored on the server. This job could be delegated out amongst teams or could be owned by a CEO or Vice President of a company.

2 Mandatory access control

Describe how and why mandatory access control will be used.

Subjects and objects each have a set of security attributes. Whenever a subject attempts to

References: Cite all your references by adding the pertinent information to this section by following this example. Merkow, M., & Breithaupt, J. (2006). Information Security: Principles and Practices. Upper Saddle, NJ: Prentice Hall. Rouse, M. (June 2007). authentication. Retrieved from http:// Techotopia. (July 20, 2009). Mandatory, Discretionary, Role and Rule Based Access Control. Retrieved from http://,_Discretionary,_Role_and_Rule_Based_Access_Control

You May Also Find These Documents Helpful

  • Access Control Policy
  • Access Control Policy
  • Remote Access Control Policies
  • remote access control policy
  • Access Control: Policies, Models, and Mechanisms
  • Access Control
  • Access Control
  • Access Control
  • access control
  • Remote Access Control Policy for Richmond Investments