Access Control Policy

Axia College Material

Appendix F

Access Control Policy

Student Name:

Axia College

IT/244 Intro to IT Security

Instructor’s Name:

Date:

Access Control Policy

1 Authentication

An employee still needs to go through a series of authentication process. This is how a user’s credibility is evaluated. A company can choose between three types of authentication processes. Technically, an authentication is needed in order for the system to identify how the user is related to the information that he or she is trying to acquire.

The most basic form of authentication is by simply using a PIN. However, the most complicated ones are like retina and fingerprint scanning. A PIN authentication is typically given by the institution for the person to remember, as this will be used as his or her constant log in information each time he or she needs to access a certain data. In other companies, photos and signatures can also be used for authentication. Signature needs to be supported by other documents, in order to be credible.

The next type of authentication is the two-factor authentication, which means that one PIN and another credential like an ATM card would be required. Having two or more credentials can already serve as a strong proof for the company to give access to the information.

Finally, the three-factor authentication might still require a PIN, but aside from that a more complicated scanning system might be incorporated such as fingerprint scanning. This is one of the best authentication processes because the major credential can impossibly be stolen nor imitated. However, if a company wants this system, they should anticipate a big budget for these sorts of scanners.

One of the methods that have been proven to be really impossible to fake is the biometrics, simply because it utilizes some of the most unique person of a person. Some form of biometric methods are voice...