Controls that provide security against internal and external threats
2 Types of access controls:
› Physical controls
› Logical controls
Buildings including their power and security
Technology centers
Telecommunication rooms (switches, hubs, routers)
Customer documentation
Audit files
Inventory
Biometric devices
Security guards
Locks and keys
Surveillance
Alarm system
Servers and their operating systems
Network systems
Database systems or file systems
Users Applications
Communication systems
Online Reports
Audit logs
Firewalls
Encryption
Passwords
Authentication system
Level of protection
Level of Risk
Risk assessment
Test of controls
Analysis
Feedback
Size of the system
Complexity
Local vs. Remote
Wireless Technologies
Shared files and databases
Changes to infrastructure
Penetration tests
Monitor controls
Review controls
Number of external intrusion attempts
Number of internal unauthorized attempts
Number of security incidents caused by unauthorized access
Number of entitlement reviews not in compliance