Access Control Policy
ACCESS CONTROL POLICY:The access control policy outlines the controls placed on both physical access to the computer system (that is, having locked access to computer networks and data. This policy provides details on controlling access to information and systems.This is a security technique that can be used to regulate who or what can view or use resource in a computing environment.There are two types of acess control: physical and logical.Physical access control limits access to campuses, buildings, rooms and physical IT assets, logical access limits connections to computer networks, system files and data.Access control systems perform authorization, identification, authentication, access approval, and accountability of entities through login credentilas including passwords, personal identified number (PINS), biometric scans, and physical and electronic keys.
NEED FOR DESIGNING PROCEDURE FOR SIMPLE TASKS SUCH AS CREATING OR MODIFYING ACCESS CONTROLS:Access controls is a important part of security in any business setting,• Access control insures the protection of sensitive materials from being access from unauthorized users, as well as keeping in-house materials in-house and not distributed to unauthorized personnel.• When you are planning of modifying access control or creating it you first need to take in account some necessary steps i.e the type of personnel that will be implementing the procedures.• Simple methods has to be followed that will allow the users to correct ass or delete any information.• The procedure should be made in such a way that any unauthorized users cannot get in and change information on their own.Access control is usually taken care of in 3 steps, which are identification, authentication and authorization. Three factors in authentication are discussed here1.
The least expensive, but least secure method is using something a person knows ( a password or a pin)2. An expensive, but secure option is using something a person has ( such as access card)3. The most expensive but most secure method is using the people themselves,