Introduction
Access controls refer to the approaches through which an organization establish regulations and regulate the access of data. Access controls are essential in data security by ensuring that only the authorized personnel within an organization can access data within and also outside the organization premises (Jacobs, Clemmer, Rogers, & Dalton, 2003). Therefore, access control primary objective is to ensure availability, integrity and the confidentiality of data within an organization and only authorized personnel to have access to data (Krause & Tipton, n.d.). This paper will evaluate critical areas and objectives of study in access control by creating critics from learning materials as well as secondary data.
Access Control Subjects and Objects
Ausanka-Crues, R. (2001). Methods for access control: advances and limitations. [Internet Source] Retrieved from Trident Online Library.
Summary and Critique
According to Ausanka-Crues (2001), access controls are created to manage how the subjects within an organization which refers to the individuals that have been given authorization can access data without infringing on the authenticity and security of the data. Access subjects are therefore the individuals who can acquire and use organization data and there access to information is regulated by the access objects. Access control creates access objects which are helpful in regulating the data that subjects can be able to obtain within an organization data server. Ausanka-Crues (2001) confirms that the access subjects are arranged in the form of levels which makes access control effective and applicable by ensuring that subjects can only access data from their designated levels. Besides, the use of access objects makes it possible for organizations to divide data based on confidentiality and subject levels which is a practical approach to ensuring data security while improving accessibility. Pre-established rules ensure that subjects access to different objects in restricted based on the subject level. It is essential to understand that access objects contain hardware, data networks, algorithms and infrastructural structures which control subjects which can access organization data.
Access Control Systems
Samarati, P., & de Vimercati, S. C. (2000, September). Access control: Policies, models, and mechanisms. [Internet Source] Retrieved Trident Online Library.
Summary and Critique
Access control systems is a system of components that control the access of data by authorized persons without unnecessary restrictions. Access control systems are created into the custom needs of the user, and the technologies, devices, and systems can vary from one access control system to another. The safety and effectivity of the security systems is the assurance of the confidentiality, availability, integrity, and accountability of the system. The access control systems are created through the configuration of the procedures, controls, and the processes that define the access control subjects, objects and the levels within a system (Rothke, n.d.). When the procedure, the controls, and the processes come together, a control system is created data security is defined regarding who can access data and the different levels of access. In this case, the access control system refers to the entire access control instruments and various access control systems can be developed depending on the type of data as well as the organization preference.
Access Control Policies
Sandhu, R. S., & Samarati, P. (1994). Access control: principle and practice. [Internet Source] Retrieved from Trident Online Library.
Summary and Critique
The article establishes that access control policies are significant in that they are the controls that mitigate risks and vulnerabilities on an access control system. The policies refer to a set of guidelines in both the automated and the physical control systems that are managed and implemented by the administrators. According to Sandhu & Samarati (1994), different policies are combined to create strong access controls, and there are different types of policies. The classical discretionary policies regulate access based on the identity of the user and the set of authorizations that seek to specify the guidelines for the users as well as the objects in the system. The requests to access data in the system with a classical discretionary policy the user is assessed based on their specific authorizations. Different systems can use the classical discretionary systems due to their high flexibility. The classical mandatory policies are types of access control policies that govern access of data based on the subjects and objects classification by assigning levels of access to them with the levels being determined by the sensitivity of the information (Sandhu & Samarati, 1994). The last type of policies in the access control is the role-based policies in which the authorization and administration of data security are based on the role of the user within an organization based on their responsibilities.
References
Ausanka-Crues, R. (2001). Methods for access control: advances and limitations. Harvey Mudd College, 301, 20.
Jacobs, J., Clemmer, L., Rogers, R. & Dalton, M. (2003). Chapter-2: Access Control. SSCP Study Guide. Rockland: Syngress Publishing. 29-100. Retrieved on August 14, 2009 from the eBrary database.
Krause, M. & Tipton, H. F. (n.d.). Domain-1: Access Control. Handbook of Information Security Management. CISSP Open Study Guide Web Site. Retrieved on August 14, 2009 from https://www.cccure.org/Documents/HISM/ewtoc.html
Rothke, B. (n.d.). Access Control Systems and Methodologies. New York Metro eSecurity Solutions Group. Retrieved on August 14, 2009 from http://www.cccure.org/Documents/Ben_Rothke/Access%20Control.ppt
Samarati, P., & de Vimercati, S. C. (2000, September). Access control: Policies, models, and mechanisms. In International School on Foundations of Security Analysis and Design (pp. 137-196). Springer, Berlin, Heidelberg.
Sandhu, R. S., & Samarati, P. (1994). Access control: principle and practice. IEEE communications magazine, 32(9), 40-48.
Cite this page
Information Security Domains: Access Control and Administration - Essay Sample. (2022, Nov 06). Retrieved from https://midtermguru.com/essays/information-security-domains-access-control-and-administration-essay-sample
If you are the original author of this essay and no longer wish to have it published on the midtermguru.com website, please click below to request its removal:
- Parents Monitoring their Children on the Internet - Essay Example
- Essay on Reasons of the Airplane Crash in Cali Colombia
- Electronic Fund Transfers - Paper Example
- Sony's Financial Data: Assets, Liabilities, Cash Flow & More - Essay Sample
- 1990s: Internet Revolutionizing Global Interaction & Democratization - Essay Sample
- Internet: From Origin to Global Society Impact - Essay Sample
- WestJet: From Regional Carrier to International Airline Leader - Essay Sample