Access Control Policy

1679 Words7 Pages
Associate Level Material
Appendix F

Access Control Policy

Student Name: Charles Williams

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name: Tarik Lles

Date: December 4, 2011

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

Access control is used to restrict operations, which authorized users can perform. Access control does exactly what it says, it controls what access an authorized user can have. A reference monitor is used for access control and follows instructions from an authorization database. These authorizations are controlled and administered by a security administrator who sets
…show more content…
It is also possible under some operating systems for the network or system administrator to dictate which permissions users are allowed to set in the ACL’s of the resources. Discretionary Access Control has a more flexible environment than Mandatory Access Control, but also increases the risk that data will be made accessible to users who should not gain access. Understanding permissions about the security of file servers on the network will increase network security (Bushmiller, 2011).

2 Mandatory access control

Describe how and why mandatory access control will be used.

Mandatory Access Control (MAC) uses a hierarchy approach to control access to resources, such as data files. The system administrator is responsible for the settings in a MAC environment. All access to resource objects is controlled by the operating system based on setting configured by the system administrator. With MAC it is not possible for users to change the access control for any resource. Mandatory Access Control starts with security labels, which contain two types of information and are assigned to all resource objects on the system. The two types of information are classification, such as confidential or top secret and a category, which is basically an indication of the project or department to which the object is available, or an indication of the management level.
Get Access