Access Control Policy

Associate Level Material

Appendix F

Access Control Policy

Student Name:

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name:

Date:

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

1 Authentication

Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.

2 Authentication credentials are vital in order to enforce the principle of least privilege. By using authentication credentials such as a username and password you can provide an individual with access to only the information he or she needs to perform their job and nothing more. Credentials are also useful for different departments on different VLANs. If one's credentials provided access to every VLAN it could compromise security and cause sensitive information to be at a greater risk. For example, every employee does not need access to the files and information that HR has access to and providing such information can be dangerous for not only the organization but each individual as well. The principle of passwords is what most of us are familiar with and is a word that should only be known by the user who uses the password in order to gain privileged access on a network. Multifactor authentication invovles requiring that at least two of the three authentication factors in order to to verify a user's identity. The three factors include: the knowledge factor, posession factor and inherence factor. By using two of the three listed to authenticate a user is multifactor authentication. Biometrics involves authentication by a physical characterisitc of a user such as a fingerprint, facial recognition, etc. Lastly single-sign-on is when a user only has...