Wednesday, October 8, 2014

3.3 - Access Control Methods


As stated in the last post, access controls are often implemented at various layers of a system. Some of these controls act as core components of operating systems, devices, and applications.


Access Control Levels


Access control consists of 3 main categories: administrative, technical, and physical.  Each category has different access control mechanisms that are carried out manually or automatically.


Administrative Controls

  • Policy and procedures
  • Personnel controls
  • Supervisory structure
  • Security-awareness training
  • Testing
Physical Controls
  • Network segregation
  • Perimeter security
  • Computer controls
  • Work area separation
  • Data backups
  • Cabling
  • Control zone
Technical Controls
  • System access
  • Network architecture
  • Network access
  • Encryption and protocols
  • Auditing
Administrative Controls

These construct security policies to delegate the development of supporting procedures, standards, and guidelines. Additionally, they indicate specific personnel controls should be implemented.

0 comments:

Post a Comment