Question

Authentication, Authorization, Accounting

Having security policies and procedures that document and manage access to critical data and technology is one thing, but actually controlling the access is another. Describe and evaluate how authentication controls can enforce security policies within an organization.

Answer 1

With the increased used of data in decision making using various analysis techniques, firms have been realizing the power of data and the way its analysis helps in arriving at alternatives for decision making. Data is being considered as an asset the firm should protect from being used by others. To ensure the firms protect their data, they have implemented various data security measures and created policies within the organization, one of which is authentication control.

Authentication refers to validation of identity by an individual who has the right to access the data or information by logging in using unique identity which might include passwrod protection, finger print authentication, swipe card, biometric etc. This ensures that intruders or external individuals are unable to access the data thus protecting it from being stolen. Authentical controls can be exclusively role specific which means a set of data that is useful for a functional department is not accessible for other departments and can be provided only on a specific request explaining the reason behind the requirements. Thus, authentication controls can be implemented at various levels in the organization solely based on the requirements.