Access Controls outline

Access Controls
Group # 2
Access Controls
What are access controls?
• Controls that provide security against internal and external threats
• 2 types of access controls:
  › Physical controls
  › Logical controls
Physical assets that need control
• Buildings including their power and security
• Technology centers
• Telecommunication rooms (switches, hubs, routers)
• Customer documentation
• Audit files
• Inventory
Examples of physical controls
1.
2.
3.
4.
5.
Logical Controls
• Servers and their operating systems
• Network systems
• Database systems or file systems
• User applications
• Communication systems
• Online reports
• Audit logs
Examples of Logical controls
1.
2.
3.
4.
Aligning risks and controls
To make sure your access controls are sufficient.
The greater the risk, the stronger your controls should be.
Authorization vs. authentication
What is the difference?
_________________________________________________________________________________________
_________________________________________________________________________________________
_________________________________________________________________________________________
Auditing access controls
• Risk assessment
• Test of controls
• Analysis and feedback
Issues affecting risks
• Size of the system
• Complexity
• Local vs. remote
• Wireless technologies
• Shared files and databases
• Changes to infrastructure
Tests of controls
• Penetration tests
• Monitor controls
• Review controls
What are some examples of access to entry requirements?
_________________________________________________________________________________________
_________________________________________________________________________________________
Risk monitoring tactics
• Number of external intrusion attempts
• Number of internal unauthorized attempts
• Number of security incidents caused by unauthorized access
• Number of entitlement reviews not in compliance