Information Security 15- Access Control

Access control is essential for information security, regulating who can access resources within an organization to protect sensitive data. It involves identification, authentication, and authorization processes, along with various models and policies to manage permissions. Continuous monitoring and the use of access control mechanisms help prevent unauthorized access and ensure accountability.

Uploaded by devil289wl

Access Control

• Access control is a critical component of information security that governs who is allowed to access specific resources, systems, or data within an organization.

• It encompasses a set of policies, procedures, technologies, and practices that regulate and restrict access to protect sensitive information, prevent unauthorized activities, and maintain the confidentiality, integrity, and availability of data.

ArfanShahzad.c
• Access control is a fundamental concept in cybersecurity and plays a vital role in safeguarding an organization's digital assets.

• Here are key aspects of access control:

• Identification: Access control starts with the identification of users or entities seeking access to a system or resource.

• This process typically involves the use of unique identifiers such as usernames, employee IDs, or biometric data (e.g., fingerprint or facial recognition).

• Authentication: Once identified, users must prove their identity through authentication methods.

• Common authentication factors include:

  • Something you know (passwords),

  • Something you have (smartcards or tokens), or

  • Something you are (biometrics).


• Authorization: After authentication, the system determines what actions or resources the authenticated user is allowed to access.

• Authorization is based on predefined policies and permissions.

• Role-based access control (RBAC) and attribute-based access control
• Access Control Models: Different access control models define how permissions are granted and managed.

• The most common models are discretionary access control (DAC), where resource owners determine access, and mandatory access control (MAC), where access is determined by system administrators based on classification levels.
• Access Control Lists (ACLs): ACLs are lists associated with resources, specifying the users or groups allowed or denied access and the type of access they have (read, write, execute).

• They are commonly used in file systems, network devices, and databases.
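
An added example, not part of the original slides: a small ACL evaluator for the kind of entries described above (users or groups, allowed or denied, with read/write/execute access). The rule that an explicit deny beats any allow, the default-deny fallback, and the sample users, groups and file name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed evaluation rule for this sketch: an explicit deny beats any allow,
# and a request that matches no entry is refused (default deny).

@dataclass(frozen=True)
class AclEntry:
    kind: str          # "user" or "group"
    name: str          # user or group the entry applies to
    effect: str        # "allow" or "deny"
    perms: frozenset   # subset of {"read", "write", "execute"}

def check_access(acl, user, groups, perm):
    """Return (decision, reason) for `user` requesting `perm` on the resource."""
    allowed_by = None
    for entry in acl:
        applies = (entry.kind == "user" and entry.name == user) or \
                  (entry.kind == "group" and entry.name in groups)
        if not applies or perm not in entry.perms:
            continue
        if entry.effect == "deny":
            return False, f"denied by {entry.kind}:{entry.name}"
        allowed_by = allowed_by or f"{entry.kind}:{entry.name}"
    if allowed_by:
        return True, f"allowed by {allowed_by}"
    return False, "no matching entry (default deny)"

# Constructed sample ACL for a hypothetical file "payroll.xlsx".
PAYROLL_ACL = [
    AclEntry("group", "finance", "allow", frozenset({"read", "write"})),
    AclEntry("group", "staff", "allow", frozenset({"read"})),
    AclEntry("user", "mallory", "deny", frozenset({"read", "write", "execute"})),
]

def audit(acl, requests):
    """Evaluate each (user, groups, perm) request and return audit records."""
    return [
        {"user": u, "perm": p, "granted": d, "reason": r}
        for u, g, p in requests
        for d, r in [check_access(acl, u, set(g), p)]
    ]

if __name__ == "__main__":
    for rec in audit(PAYROLL_ACL, [
        ("alice", ["finance", "staff"], "write"),
        ("bob", ["staff"], "write"),
        ("mallory", ["finance"], "read"),
    ]):
        print(rec)
```

The third request shows why precedence matters: the user belongs to a group that is allowed to read, but the user-level deny entry still wins.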

• Access Control Policies: Organizations define access control policies to determine how access is granted or denied based on rules and conditions.

• Policies consider factors like user roles, data sensitivity, and the context of access attempts.

• Access Control Mechanisms: Technologies like firewalls, IDS, IPS, etc. enforce access control by monitoring and filtering network traffic based on predefined rules.

• Physical Access Control: Physical access control restricts entry to buildings, rooms, and facilities.

• Privilege Escalation: Ensuring that users cannot escalate their privileges beyond what is necessary for their tasks is crucial.

• This prevents unauthorized access and potential abuse.

• Continuous Monitoring: Regularly monitoring access attempts and permissions helps detect anomalies or unauthorized access.

• Logging and auditing access events contribute to accountability and security incident investigation.
