Question

In: Computer Science

Explain how designing an access control standard relates to system security practices.

Solutions

Expert Solution

Hopefully all your doubts will be cleared. If you are left with any doubt, please let me know in a comment. I will try my best to resolve it.

Ans :-

Access controls are security features that control how users and systems communicate and interact with other systems and resources.
Access is the flow of information between a subject and a resource.
A subject is an active entity that requests access to a resource or the data within a resource. E.g.: user, program, process etc.
A resource is an entity that contains the information. E.g.: Computer, Database, File, Program, Printer etc.
Access controls give organizations the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality.
Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.

There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lockdown capabilities to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication, which requires two or more authentication factors, is often an important part of layered defense to protect access control systems.

These security controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or IP address. Directory services and protocols, including the Local Directory Access Protocol (LDAP) and the Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers.

The practical options for authentication 'factors' cannot all be of the same type and are typically separately managed types of credentials. The 'factor groups' are commonly cited as:

Something the User Has: A credential/permission granted administratively to the user. Typically an access control badge, token, or fob. Also includes a mechanical key, membership ID, or passport.

Something the User Knows: Typically a code or password kept private by the user. Typically a PIN number, but also includes 'Security Questions' or 'Last 4 Social Security digit' confirmations.

Something the User Is: Biometric features only the user is able to possess. Typically finger or palm prints are used, but other readings are possible, including face recognition, heartbeats, retina/iris scans, and even gait.

Someone Trusted Verifies the User: Under certain conditions, another human positively IDs and vouches for the user. This could be a manned guard or even a receptionist that grants access based on familiarity.

You can use these in combination. Indeed, this approach, called 'multi-factor authentication', is very popular among security practitioners.
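The following is an added example, not part of the original answer, showing the identify, authenticate, authorize sequence with a multi-factor rule that counts distinct factor groups rather than the number of credentials. The subjects, roles, resources, credential names and the `decide` function are all constructed for illustration, and the credentials passed in are assumed to have been verified already.

```python
# Factor groups as listed in the answer; credential kinds are constructed samples.
FACTOR_GROUP = {
    "badge": "has", "token": "has",
    "password": "knows", "pin": "knows", "security_question": "knows",
    "fingerprint": "is", "iris_scan": "is",
    "guard_vouch": "trusted_verifier",
}
# Constructed directory (identification): subject -> role.
DIRECTORY = {"alice": "dc_operator", "bob": "employee"}
# Constructed policy (authorization): resource -> (allowed roles, min distinct factor groups).
POLICY = {
    "lobby": ({"employee", "dc_operator"}, 1),
    "data_center": ({"dc_operator"}, 2),
}
AUDIT_LOG = []  # every decision is recorded, grants and denials alike


def distinct_factor_groups(verified_credentials):
    """Collapse already-verified credentials to the set of factor groups they cover."""
    return {FACTOR_GROUP[c] for c in verified_credentials if c in FACTOR_GROUP}


def decide(subject, verified_credentials, resource):
    """Identify, authenticate, authorize; default deny. Returns (allowed, reason)."""
    role = DIRECTORY.get(subject)
    if role is None:
        result = (False, "unknown subject")
    elif resource not in POLICY:
        result = (False, "unknown resource")
    else:
        allowed_roles, min_groups = POLICY[resource]
        if len(distinct_factor_groups(verified_credentials)) < min_groups:
            result = (False, "insufficient factor groups")
        elif role not in allowed_roles:
            result = (False, "role not authorized")
        else:
            result = (True, "granted")
    AUDIT_LOG.append((subject, resource) + result)
    return result


if __name__ == "__main__":
    print(decide("alice", ["password", "pin"], "data_center"))   # two 'knows' items
    print(decide("alice", ["badge", "pin"], "data_center"))
    print(decide("bob", ["badge", "fingerprint"], "data_center"))
```

A password plus a PIN is still a single factor group, so the first call is denied even though two credentials were presented.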

