ACCESS CONTROL 6 ACCESS CONTROL PROGRAM

[ad_1]

ACCESS CONTROL 6 ACCESS CONTROL PROGRAM
The primary categories of access control system that managers may choose include; role-based access control (RBAC) which gives access according to the title of the job.
Managers would use this to know who created a network account because only network administrators have the permission to. Rule-based access control (RAC) is mainly based on context. Managers would use this type of access control to know who accessed the premises or facilities that they were not allowed to, and at what time.
Mandatory access control (MAC), it does not give users a lot of freedom to choose who can have access to their files. Managers would use this type of access control to know who accessed confidential or top secret data without permission.
History-based access control (HBAC), it grants or declines access based on the evaluation of the history of activities of the inquiring individual for instance the content of their requests, and time between their different requests.
Managers would use this access control who had access and who did not, to certain data or services, and the time. Responsibility based access control, gives access to an individual based on their responsibility.
For instance if an access is only granted to individuals from the lT department, managers would know if someone from human resources tried to access it. Discretionary access control (DAC), the owners of the data determines individuals that can access specific data or resources.
Managers can use this type of access control to determine who can have access to their sensitive information and data. (Musa. S, 2014) The logical or technical controls that managers would implement to detect any suspicious activity that occurs on a network are;
policy and procedures, security policies are high level plans that states the intentions of the management pertaining to how security should be practiced within the organization, the level of risk that the company is willing to accept, and that actions that are acceptable.
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems 43%
https://www.iup.edu/WorkArea/DownloadAsset.aspx?id=195271 43%
policy and procedures, security policies are high level plans that states the intentions of the management pertaining to how security should be practiced within the organization, the level of risk that the company is willing to accept, and that actions that are acceptable.
Another control is personnel controls, it demonstrates how employees are expected to interact with security mechanisms, and address non-compliance issues related to these expectations.
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems 38%
Another control is personnel controls, it demonstrates how employees are expected to interact with security mechanisms, and address non-compliance issues related to these expectations. Computer control is also a control that managers should implement.
Each computer in the organization can have a physical control installed and configured for instance locks, to ensure that the internal parts cannot be stolen, or remove the CD-ROM and floppy drives to prevent any confidential information from being copied.
Another control is network segregation, which can be carried out through both technical and logical means. A section of the network, including the web servers, routers and switches may have employee workstations.
Another control is perimeter security. Perimeter security should be implemented depending on the company and the security requirements of the environment. For instance, one environment may require that employees have an authorization by a security guard by showing their identity cards, while another environment may require no authentication for access in the premises.
Another control that should be implemented is data backups. Data should be backed up is a measure to ensure that information can be retrieved after an emergency like data loss or a disruption of the system or network.
Another control is supervisory structure. The organization’s management should make a supervisory structure that enforces management members to have the responsibility for their employees and for them to take vested interests in their activities.
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems 35%
https://www.iup.edu/WorkArea/DownloadAsset.aspx?id=195271 35%
Another control is supervisory structure. The organization’s management should make a supervisory structure that enforces management members to have the responsibility for their employees and for them to take vested interests in their activities.
Examples of technical controls include installation of a firewall, antivirus, audit logs, encryption, routers, and alarms and alerts. Since many senior executives are concerned that the lT systems would not be able to handle incidents, l would recommend that the management implement a rule based access control (RBAC).
This would help them control the personnel that access the company networks and perform specific operations and during a catastrophe. This is to ensure that no unauthorized individuals can access the company’s data and sensitive information at that time.
Only members of the staff with various assigned roles can have the permission to perform certain operations that are needed to perform some operations. (Dhangar. R, 2015) Physical access controls are used by companies to protect the hardware setups from unauthorized physical access via the common or the same security procedures that protects their trade secrets and everything else in their geographic location. These physical protections include security gates in the premises, lD budges, and more advanced security measures like biometric identification. ln addition, the company should adopt a security method of identification of key users who are vetted and given security clearance. This would be a good measure to ensure that no unauthorized personnel can access the premises during a catastrophe. (Micali. S et al, 2008).
Logical access controls on the other hand are protocols and tools that are used for identification, accountability, authorization, and authentication of information systems of a computer. Logical access is needed for for remote access of hardware where equipment is used and stored. lt enforces the measures for access control for programs, systems, information, and processes. These controls can be infused within applications, operating systems, added security packages, and databases. Logical controls protect the systems, data, and networks, and also the environment that protects them. (Collins. L, 2013)
References Collins. L, (2013). Access controls in Cyber Security and lT lnfrastructure Protection. ScienceDirect https://www.sciencedirect.com/topics/computer-science/logical-access-control Dhangar. R, (2015). What is rule based access control (RAC)? Quora https://www.quora.com/What-is-a-rules-based-access-control-RAC
Micali. S, Engberg. D, Libin. P, Sinelnikov. A .Physical access control. US Patent 7,353,396,2008 Musa. S, (2014). Cybersecurity:Access Control. Evolllution, a destiny solution illumination.

The post ACCESS CONTROL 6 ACCESS CONTROL PROGRAM appeared first on mynursinghomeworks.

[ad_2]

Source link