Essay on Applying Information Security Management Frameworks in Access Control

Published: 2022/01/10
Number of words: 980


An information security management framework is a collection of guidelines, practices and processes. In practice, these frameworks meet the standard articulated by ISO 27001. The aim of such frameworks is to ensure the protection of information. Management secures data from unauthorized access and distortion of information, and protects information systems from malicious damage. With respect to these standards, such frameworks are a collection of instructions as well as guidelines. Information security management includes access control measures, virus protection, disaster recovery, virtual private networking and business continuity (Saint-Germain, 2005). This paper concentrates on the importance of access control to business. It defines the security issues, provides basic facts and offers insight on the topic.

On a personal level, access control secures the working environment of the organization. It also secures the information assets of the organization (Liu, 2014). It reduces external as well as internal security breaches. In organizations, security breaches on databases have been an issue of importance. Users have been able to enter databases and maliciously destroy information. Others use the system to commit fraud and robbery. Better access control procedures on organizational databases therefore limit losses. The access control procedures, therefore, need to secure a database of users' information (Saint-Germain, 2005). A database's efficiency depends on its security procedure. A constant feature in many access control systems is the presence of user ID and password credentials.


Access Control

Access control is a security measure in information technology that restricts usage of resources. Access control restricts users' access to databases. This means that for a user to use the database, logs and locks need to be in use. Users of the system know their login credentials. The use of an ACT reader is an important invention. The security measure ensures that the reader reads all credentials of users. After verifying a user's information, the system grants or declines permission for entry. Most of these systems used in business show an LED light to permit entry and a red warning for access denial (Ferraiolo, Kuhn & Chandramouli, 2003).

Access control operation in management relies on processors. Such processors are able to verify one's information by relying on a database. For example, if one wants to pass through a door with an access control framework, various aspects come into play. First, the processor checks one's information against the database. It then provides notification of entry or denial through that door. This is just a depiction of the access control procedure; for servers, the important factor in accessing databases is knowledge of user IDs and passwords (Liu, 2014). Passwords are important factors in accessing the system. In such situations, access to the information system provides an opportunity for authentication of the user's information.

Access Control Frameworks

Many access control frameworks may be of importance in access control on organizational computer databases. These control types include mandatory access control, discretionary access control, organizational-based, rule-based and role-based access control. Mandatory frameworks of access control provide users little freedom of access (Liu, 2014). Some of these databases are for top-secret operations. Organizational-based, on the other hand, refers to a framework that operates within an organization. Role-based approaches relate to the application of frameworks to certain organizational functions. For example, a human resource specialist might use a role-based approach to limit access to databases (Saint-Germain, 2005); information on salaries will be accessible only to specific individuals.

Organizational-Based Access Control

The organization has lost millions of dollars due to unauthorized access by individuals to its database. The access of these individuals has led to malicious alteration of the information. Regaining the organization's data will mean employing specialists. The organizational-based access control framework relies on three aspects: object, action and subjects (Watson, 2013). In such a representation, role refers to subjects while activity refers to the actions of the subjects. This form of framework provides authorization to a certain grade of access. For example, in the roles of management, security breaches relate to roles (Ferraiolo et al., 2003). Certain individuals in the organization have access to certain databases. This access relates to their level of activity and responsibility in the organization.
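The subject, action and object structure described above can be written as a deny-by-default check. This is an added example, not part of the original essay; the organization, user, table and role names are constructed, and "view" as the abstraction of objects is borrowed from the Organization-Based Access Control model rather than from the text.

```python
from dataclasses import dataclass

# All names and data below are constructed for illustration (assumptions).

@dataclass(frozen=True)
class Permission:
    org: str       # organization in which the rule applies
    role: str      # abstraction of subjects
    activity: str  # abstraction of actions
    view: str      # abstraction of objects (OrBAC term, not from the essay)

class Policy:
    def __init__(self):
        self.permissions = set()
        self.roles = {}       # (org, subject) -> set of roles
        self.activities = {}  # concrete action -> activity
        self.views = {}       # concrete object -> view
        self.audit = []       # every decision, allowed or denied

    def empower(self, org, subject, role):
        self.roles.setdefault((org, subject), set()).add(role)

    def is_permitted(self, org, subject, action, obj):
        activity = self.activities.get(action)
        view = self.views.get(obj)
        # Deny by default: an unmapped action or object, or a subject with
        # no matching role in this organization, is never granted access.
        allowed = activity is not None and view is not None and any(
            Permission(org, role, activity, view) in self.permissions
            for role in self.roles.get((org, subject), ()))
        self.audit.append((org, subject, action, obj, allowed))
        return allowed

def build_demo_policy():
    p = Policy()
    p.activities.update({"SELECT": "consult", "UPDATE": "modify"})
    p.views.update({"hr.salaries": "payroll_data",
                    "hr.directory": "staff_directory"})
    p.permissions.update({
        Permission("acme", "hr_specialist", "consult", "payroll_data"),
        Permission("acme", "hr_specialist", "modify", "payroll_data"),
        Permission("acme", "employee", "consult", "staff_directory"),
    })
    p.empower("acme", "alice", "hr_specialist")
    p.empower("acme", "alice", "employee")
    p.empower("acme", "bob", "employee")
    return p
```

Only the HR specialist role reaches the salary table; every decision, including denials, is kept in `audit` for later review.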


Various perspectives relate to organizational-based access control. These perspectives relate to the management of authorizations and identities. These aspects are important in securing an organization's security policy. They also increase security, reduce human errors and save time. Role-based access control (RBAC) is probably one of the best approaches to the framework (Ferraiolo et al., 2003). Such security measures provide special roles in organizations and offer perspectives that are beneficial to the organization and users. In organizations, configuration of security administration has had tremendous benefits.

The system is able to control sharing of resources as well as protection. Implementation of security measures is another aspect of importance. For organizational-based access control, implementation of measures needs to provide permissions to authorized parties. Designing an organizational access system entails following organizational goals, missions and policy. The system provides details on all rules as well as conditions (Liu, 2014). It also regulates access to the system, which is a security measure. Further automation of the system limits human errors.


Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC 17799. Information Management Journal, 39(4), 60-66.

Ferraiolo, D., Kuhn, D. R., & Chandramouli, R. (2003). Role-based access control. Artech House, Canton Street, Norwood.

Liu, C. (2014). The effects of ontology-based and password-protected blog access control on perceived privacy benefit and perceived ease of use. Kybernetes, 43(2), 325-340.

Watson, R. N. M. (2013). A decade of OS access-control extensibility. Communications of the ACM, 56(2), 52-63.
