Submitted by: Submitted by njbiggmann40
Views: 1103
Words: 512
Pages: 3
Category: Science and Technology
Date Submitted: 12/18/2011 01:39 PM
Associate Level Material
Appendix F
Access Control Policy
Student Name:
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: James Bryant
Date: December 4, 2011
Access Control Policy
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
1 Authentication
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
Authentication credentials are used to prove that the user is who they say they are and intended for. Authentications such as username and password ensure the person is the correct user by asking a security question before the user can gain access to the system. Multifactor authentication uses two or more layers to authenticate. Biometrics use methods such as fingerprints, body scans, and retinal scans signatures while single sign on only requires the users to sign in once.
2 Access control strategy
1 Discretionary access control
Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.
Discretionary access control is what allows user to change the access control attributes by specifying if a user has access to something. They are also the permissions to files, folders, and shared resources. The information owner is who created the object with transferrable control or controlled by the administrator.
2 Mandatory access control
Describe how and why mandatory access control will be used.
Mandatory access control is the access...