In this section, I will be discussing Access Controls, the second
domain of information security.
Access Controls:
When protecting assets, access controls act as the first line of defense. An example is login verification in web applications, which denies access to unauthorized users.
These controls are typically administrative, physical, or technical in nature and should be applied in a layered approach, ensuring that an intruder would have to compromise more than one countermeasure to access critical assets.
Security Principles:
In the previous chapter, we learned that security management procedures include identifying threats that negatively impact the availability, integrity, and confidentiality of the company's assets. This includes finding cost-effective countermeasures to protect them.
- Availability
  - Information, systems, and resources must be available to users in a timely manner so that productivity is not affected.
- Integrity
  - Information that is gathered must be accurate, complete, and protected from unauthorized modification. When a security mechanism provides integrity, it protects data, or a resource, from being altered in an unauthorized fashion.
- Confidentiality
  - This assures that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Control mechanisms need to be in place to dictate who can access data and what the subject can do with it once they have accessed it.