Access Control Policy Research Paper

1. Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1.1. Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

Authentication credentials are vital to the security of information within an organization. The first thing that needs to be done is to authenicate the computers that need access. You can achieve this by having security questions or by IP address. There are different ways but the most effienct is the use of a physical

device that contains credentials and passwords.
The most basic form of authentication is using a Pin Number.

However, Biometrics

like retina and fingerprint scanning are used also. A PIN authentication is

given to the user by the organization for the user to remember, this will be his

or her constant login information each time he or she needs to access a certain data. In

other companies, photos badges can also be used for authentication.

The next form of authentication is the two-factor authentication, meaning two forms of identification is required to access information. For example, a Pin number and strong password would be required. Having two or more credentials gives added security to the company to allow access to information.

Finally, the three-factor authentication deals with biometrics. This is the use of retinal scanning, voice prints, fingerprints, etc. This is one of the most effiecent authentication processes because the major credential is impossible to steal or imitate. This is because is uses the most unique person of a person. Among all the acess controls, fingerprint scanning is commonly used because fingerprints are unique to one individual noone shares the same finger print.

1.2. Access control strategy

1.2.1. Discretionary access

control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.
This control is implemented when the ower of the information grants access to someone. For example, If I was the administrator I will grant access to the user. The user then login using the login information that was granted to the user. The user is the only one who will have access to that information unless the administrator grants access to someone else.
1.2.2. Mandatory access control
Describe how and why mandatory access control will be used.

MAC is a type of control that decides who will be granted access to the information based on labels, obejects, and subject. This control takes a hierarchial role when controling access to information. This method is widely used by the U. S. military.

Role-based access control

Describe how and why role-based access control will be used.

Role-base access controls allows a group of users to access and share the same information as long as it helps the user perform his or her daily duities. Role-base access can also assigns roles in the organization and assign users to that role.

1.3. Remote access

Describe the policies for remote user access and authentication via dial-in user services and Virtual Private Networks (VPN)

When you are away from the office and need to get work done from home or aboard with granted access you can use the VPN or dial-up to access the infromation needed. If an

encryption card is implemented, remote access will be set through SSL. The policies

especially on password set-up should also be applied in the remote websites of the

company so that all users would abide by the same regulation (Merkow &

Breithaupt,
2008).