Appendix F
Access Control Policy
Student Name: Casey DeCesare
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Scott Sabo
Date: 5/27/2014
1. Access Control Policy
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems.
1.1. Authentication
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

Authentication credentials permit the system to verify a user's claimed identity. Authenticating yourself to a system means presenting the information you have established to prove that you are who you say you are. Most often, this is a simple password that you set up when you receive the privilege to access a system. You may initially receive an assigned password with the requirement that you reset it to something more personal, something that only you can remember. However, passwords are the easiest type of authentication to beat. Programs that break the security afforded by passwords on most of the commonly used systems are free and widely available on the Internet.

With two or three factors to authenticate, an information owner can gain confidence that users who access their systems are indeed authorized to do so. This is accomplished by adding more controls and/or devices to the password authentication process. Biometric scanning uses unique human characteristics to identify whether the person trying to gain access is authorized to enter or not.

One common approach to managing IDs and passwords is to create a password or PIN vault. These programs use secure methods to locally store IDs and passwords, which are protected by a master password that unlocks the vault when it's needed.
1.2.
References: Cite all your references by adding the pertinent information to this section by following this example. Information Security: Principles and Practices, by Mark S. Merkow, CISSP, CISM and Jim Breithaupt.