Appendix F
Access Control Policy
Student Name: Patricia Manter
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Kevin Swinson
Date: June 24, 2012
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems.
1 Authentication
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
Authentication is a crucial step in setting up and maintaining access control of the computer system. Security relies on the prevention and detection of unauthorized activity on the system. Authentication credentials will control access to the data and shared resources of the computer system and network.
Principles of Authentication
• Multifactor Authentication – This method of authentication requires the user to provide more than one factor to log in. This is more secure than single-factor authentication, such as requiring only a password. For example, with multifactor authentication a user would need to provide another means of authentication in addition to a password.
• Biometrics – Considered the most secure way to authenticate users, biometrics uses the biological characteristics of a user. Examples include retinal scans and fingerprints.
• Single-sign-on – Also referred to as SSO, this allows a user to be authenticated only once in order to be granted authorization. Once authorized, the user may access multiple services.
2 Access control strategy
1 Discretionary access control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure