***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***

    Saturday, May 7, 2022

    Access Control

    Access control is a data security process that enables organizations to manage who is authorized to access corporate data and resources. Secure access control uses policies that verify users are who they claim to be and ensure that appropriate access levels are granted to users.

    Access control is used to verify the identity of users attempting to log in to digital resources.

    Access control is crucial to helping organizations comply with various data privacy regulations.

    Components of Access Control

    Authentication

    Authentication is the initial process of establishing the identity of a user. For example, when a user signs in to their email service or online banking account with a username and password combination, their identity has been authenticated. However, authentication alone is not sufficient to protect organizations’ data. 

    Authorization

    Authorization adds an extra layer of security to the authentication process. It specifies access rights and privileges to resources to determine whether the user should be granted access to data or allowed to make a specific transaction.

    Access

    Once a user has completed the authentication and authorization steps, their identity will be verified. This grants them access to the resource they are attempting to log in to.

    Manage

    Organizations can manage their access control system by adding and removing the authentication and authorization of their users and systems. Managing these systems can become complex in modern IT environments that comprise cloud services and on-premises systems.

    Audit

    Organizations can enforce the principle of least privilege through the access control audit process. This enables them to gather data around user activity and analyze that information to discover potential access violations.

    Access control can be categorized as

    i. Physical Access Control: used to grant access to physical buildings and physical devices.

    ii. Logical/Information Access Control: involves tools and protocols being used to identify, authenticate, and authorize users in computer systems. The access controller system enforces measures for data, processes, programs, and systems.

    Types of Access Controls

    Organizations can implement several types of access control. These include:

    i. Attribute-based Access Control (ABAC)

    ABAC provides access to users based on who they are rather than what they do, for example, the business unit they work in and how they were hired.

    Attribute-based access control (ABAC) is an authorization system that defines access based on attributes associated with security principals, resources, and environment.

    Attributes allow for an easier control structure because permissions can be based on the user’s type, location, department and so on, mirroring the physical aspects of the business.

    ii. Discretionary Access Control (DAC)

    DAC models allow the data owner to decide access control by assigning access rights to rules that users specify. When a user is granted access to a system, they can then provide access to other users as they see fit.

    iii. Mandatory Access Control (MAC)

    MAC places strict policies on individual users and the data, resources, and systems they want to access. The policies are managed by an organization’s administrator. Users are not able to alter, revoke, or set permissions.

    iv. Role-Based Access Control (RBAC)

    RBAC creates permissions based on groups of users, roles that users hold, and actions that users take. Users are able to perform any action enabled for their role and cannot change the access control level they are assigned.

    v. Rule-based Access Control

    A rule-based approach sees a system admin define rules that govern access to corporate resources. These rules are typically built around conditions, such as the location or time of day that users access resources. 

    vi. Break-glass Access Control

    Break-glass access control involves the creation of an emergency account that bypasses regular permissions. In the event of a critical emergency, the user is given immediate access to a system or account they would not usually be authorized to use.
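
    The RBAC, ABAC and rule-based models described above can be combined in a single deny-by-default decision that also feeds the audit process. The following Python code is an added example, not code from the original post; the role names, attribute keys, business-hours window and policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy: role names and permissions are assumptions.
ROLE_PERMISSIONS = {
    "hr_clerk": {("payroll", "read")},
    "hr_manager": {("payroll", "read"), ("payroll", "write")},
}

@dataclass
class Request:
    principal: dict    # who is asking: id, roles, department
    resource: dict     # what is being accessed: type, department
    action: str        # what they want to do: "read", "write"
    environment: dict  # context of the request: time, network

def rbac_allows(req):
    """RBAC: one of the user's roles must carry the (resource, action) permission."""
    wanted = (req.resource.get("type"), req.action)
    roles = req.principal.get("roles", [])
    return any(wanted in ROLE_PERMISSIONS.get(role, set()) for role in roles)

def abac_allows(req):
    """ABAC / rule-based: compare principal, resource and environment attributes.
    A missing attribute fails the check instead of being treated as a match."""
    dept = req.principal.get("department")
    same_dept = dept is not None and dept == req.resource.get("department")
    on_corp_net = req.environment.get("network") == "corp"
    t = req.environment.get("time")
    in_hours = t is not None and time(8, 0) <= t <= time(18, 0)
    return same_dept and on_corp_net and in_hours

def authorize(req, audit_log):
    """Deny by default; allow only when both models agree. Log every decision."""
    if not rbac_allows(req):
        decision, reason = "deny", "role lacks permission"
    elif not abac_allows(req):
        decision, reason = "deny", "attribute condition failed"
    else:
        decision, reason = "allow", "role and attributes match"
    audit_log.append({
        "user": req.principal.get("id"),
        "action": req.action,
        "resource": req.resource.get("type"),
        "decision": decision,
        "reason": reason,
    })
    return decision == "allow"
```

    Reviewing the entries appended to `audit_log`, denied ones in particular, is the kind of user-activity data the Audit component relies on.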
