It 244 Access Control Policy

Associate Level Material

Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name: James Bryant

Date: December 4, 2011

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

Authentication credentials are used to prove that the user is who they say they are and intended for. Authentications such as username and password ensure the person is the correct user by asking a security question before the user can gain access to the system. Multifactor authentication uses two or more layers to authenticate. Biometrics use methods such as fingerprints, body scans, and retinal scans signatures while single sign on only requires the users to sign in once.

2 Access control strategy

1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary access control is what allows user to change the access control attributes by specifying if a user has access to something. They are also the permissions to files, folders, and shared resources. The information owner is who created the object with transferrable control or controlled by the administrator.

2 Mandatory access control

Describe how and why mandatory access control will be used.

Mandatory access control is the access...