It244 Access Control
1. Access Control Policy
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
1.1. Authentication
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
Authentication credentials are used to control access to sensitive data or systems by making it hard for people to get into the system who shouldn't have access. Passwords and usernames are a good start because if they are kept secure, they are generally very hard to bypass. If they are bypassed by some method however, there is why multifactor authentication is good. The highest amount of authentication is triple authentication which is something you have, something you know, and something you are. This would be something like a keycard, a password, and a fingerprint or voice recognition. All three must be present, meaning it would be very difficult to get through that system. Single sign-on is where a user is passed for entry to all applications or system after authenticating on just one of them. There is also single sign off which is the opposite.
1.2. Access control strategy
1.2.1. Discretionary access control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.
The principle of least privilege is great for keeping things safe. It helps assure confidentiality because people or systems lower on the chain of command are going to have less security, thus if they had access to more than they needed, more would be at risk. By following the principle of least privilege, the people or
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
1.1. Authentication
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
Authentication credentials are used to control access to sensitive data or systems by making it hard for people to get into the system who shouldn't have access. Passwords and usernames are a good start because if they are kept secure, they are generally very hard to bypass. If they are bypassed by some method however, there is why multifactor authentication is good. The highest amount of authentication is triple authentication which is something you have, something you know, and something you are. This would be something like a keycard, a password, and a fingerprint or voice recognition. All three must be present, meaning it would be very difficult to get through that system. Single sign-on is where a user is passed for entry to all applications or system after authenticating on just one of them. There is also single sign off which is the opposite.
1.2. Access control strategy
1.2.1. Discretionary access control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.
The principle of least privilege is great for keeping things safe. It helps assure confidentiality because people or systems lower on the chain of command are going to have less security, thus if they had access to more than they needed, more would be at risk. By following the principle of least privilege, the people or