Access Controls

Shelly Aremia, Liana Viljoen, Kayla Samstag, Eric Dowd

Presentation Transcript


  1. Access Controls
     Shelly Aremia, Liana Viljoen, Kayla Samstag, Eric Dowd

  2. What are access controls?
     • Controls that provide security against internal and external threats
     • 2 Types of access controls:
        • Physical controls
        • Logical controls

  3. Physical Assets that need control:
     • Buildings including their power and security
     • Technology centers
     • Telecommunication rooms (switches, hubs, routers)
     • Customer documentation
     • Audit files
     • Inventory

  4. Examples of Physical controls
     • Biometric devices
     • Security guards
     • Locks and keys
     • Surveillance
     • Alarm system

  5. Logical Assets
     • Servers and their operating systems
     • Network systems
     • Database systems or file systems
     • Users Applications
     • Communication systems
     • Online Reports
     • Audit logs

  6. Examples of logical controls
     • Firewalls
     • Encryption
     • Passwords
     • Authentication system

  7. Aligning risks and control
     [Figure: level of protection vs. level of risk]

  8. Authorization vs. Authentication

  9. Auditing access controls
     • Risk assessment
     • Test of controls
     • Analysis
     • Feedback

  10. Issues affecting risks
     • Size of the system
     • Complexity
     • Local vs. Remote
     • Wireless Technologies
     • Shared files and databases
     • Changes to infrastructure

  11. Test of Controls
     • Penetration tests
     • Monitor controls
     • Review controls

  12. Risk monitoring tactics
     • Number of external intrusion attempts
     • Number of internal unauthorized attempts
     • Number of security incidents caused by unauthorized access
     • Number of entitlement reviews not in compliance

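The four counts listed on slide 12 (risk monitoring tactics), computed for one reporting period. This is an added example, not part of the original presentation; the log format, the internal address range, the incident cause labels and all sample records are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumption: the organisation's internal address space (hypothetical).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample data; field names and values are illustrative only.
ACCESS_LOG = """\
time,source_ip,user,resource,outcome
2024-05-01T08:00:00,203.0.113.7,unknown,vpn,DENY
2024-05-01T08:00:05,203.0.113.7,unknown,vpn,DENY
2024-05-01T09:12:00,10.1.4.22,asmith,payroll-db,DENY
2024-05-01T09:13:00,10.1.4.22,asmith,hr-share,ALLOW
2024-05-01T11:30:00,198.51.100.9,jdoe,webmail,ALLOW
2024-05-01T14:45:00,10.2.0.8,bjones,audit-logs,DENY
"""
INCIDENTS = [  # (incident id, root cause), constructed
    ("INC-1", "unauthorized_access"),
    ("INC-2", "malware"),
    ("INC-3", "unauthorized_access"),
]
ENTITLEMENT_REVIEWS = [  # (system, review compliant?), constructed
    ("payroll-db", True), ("hr-share", False), ("audit-logs", True),
]

def is_internal(addr):
    """True when the source address falls inside the assumed internal ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def risk_metrics(log_text, incidents, reviews):
    """Return the four slide-12 counts as a dict."""
    m = {"external_intrusion_attempts": 0, "internal_unauthorized_attempts": 0}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["outcome"] != "DENY":
            continue  # only denied requests are counted as attempts
        key = ("internal_unauthorized_attempts" if is_internal(row["source_ip"])
               else "external_intrusion_attempts")
        m[key] += 1
    m["incidents_from_unauthorized_access"] = sum(
        1 for _, cause in incidents if cause == "unauthorized_access")
    m["entitlement_reviews_noncompliant"] = sum(1 for _, ok in reviews if not ok)
    return m

if __name__ == "__main__":
    for name, value in risk_metrics(ACCESS_LOG, INCIDENTS, ENTITLEMENT_REVIEWS).items():
        print(f"{name}: {value}")
```

Tracking these counts period over period, rather than as one-off totals, is what makes them usable in the feedback step of the audit cycle on slide 9.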
