It 244 Appendix F Essay

890 Words4 Pages
Axia College Material
Appendix F

Access Control Policy

Student Name: Katelyn Sims

Axia College

IT/244 Intro to IT Security

Instructor’s Name: Jennifer McLaughlin

Date: 11/22/2011

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

Authentication of an individual to access and use files, systems, and screens is vital to
…show more content…
Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary access control means only certain permitted users are allowed access to specific things. However, someone with permitted access can let another user use their access. The least privilege principal is where access is only granted to certain systems and certain data that is needed to do the users job. Sometimes temporary access is given to data that is required to access random jobs or to see what that user is doing. When this happens, the access is only temporary, it is imperative to uphold the principal of least privilege to ensure that user does not have access to the data when the job finished.

2 Mandatory access control

Describe how and why mandatory access control will be used.

Mandatory access control is a single user, normally the network admin, who is given access to the users’ rights and privileges. They control access policies and are also in control of choosing which objects and what systems each individual user has access to and what they do not have access to. The access is made in the form of different levels. Each system and all folders containing information are put into a specific classification. The user will be in a certain classification that will only allow them to access data

More about It 244 Appendix F Essay

Open Document