A Brief Note On Access Control Access Controls

1617 Words7 Pages
Thus majority of the respondents think frequent change of password is necessary but not manageable which indicate usability issues like inability to create passwords as frequently as obligatory. Inglesant and Sasse (2010) found that end-users experience with password security policy is that of rigidity in regards to their skills and official responsibilities. Inglesant and Sasse (2010) also found an improvement in the number of their respondents that is 9 out of 32 respondents wrote down their passwords as end-users are more aware of data security. Access control limit access to sensitive data based on organisation policies by determining who and how data can be accessed based on a “need to know” of an entity like an employee’s name, position or something you are like fingerprints (Goodrich and Tamassia 2011, Kizza 2010). Additionally identity depends on other characteristics such as something you are acquainted with like password and something you have like secret encryption key. Access control is based on the assumption that only the authorized entity has possession of what they are, know or have (Shabtai, Yuval and Rokach 2012). However access control is limited in preventing data leakage due to social engineering and networking. This have led to recent development of using more than one form of access control in a process called layered authentication like audio-visual interfaces (Jang-Jaccard and Nepal 2014). Access control also holds employees accountable
Open Document