Eyup Aslanbay says
This chapter highlights the crucial role of access control in data security, focusing on policy-based identity management. It outlines three key functions: authentication, authorization, and auditing. The chapter advocates for role-based access control as an efficient approach, also suggesting that data type should influence access rules. Also discretionary access control is commonly chosen by companies for its ease of implementation over mandatory access control.
Ooreofeoluwa Koyejo says
With identity management and access control, where there’s a variety of factors, mechanisms and policies for implementation, I believe the access control policy in the information security policy should define the preferred access control architecture and infrastructure to address the risks and threats specific to the context of the organisation.
Jon Stillwagon says
With access controls they have to have a high accuracy so that way whenever someone is trying to authenticate themselves we can know for sure that they are whoever they say they are. We can even see that identity management is about handling the data that comes with authentication and authorization.
Yannick Rugamba says
In this chapter discussing Access Control, a significant lesson is the value of employing an authentication strategy. This involves utilizing factors such as passwords, physical tokens and biometrics to confirm identity with a level of certainty. Additionally, it is noted that although robust authentication measures can lower risks considerably, they should be evaluated in terms of their costs and considered within the risk assessment framework for the organization and the particular data or systems under protection.
Ooreofeoluwa Koyejo says
Yes, I agree with your submission. Security technologies and solutions implemented do not guarantee protection of information assets nor prevention of data breach; hence the need to ensure access control measures are defined and implemented according to the information security strategy.
Jon Stillwagon says
Yes, we can see that access controls are important when it comes to authenticating someone. I think it is interesting that biometrics has evolved more into society and now it is a common thing. It is even effective enough to keep people from stealing our data, and biometrics even has its own data that it comes up with.
Eyup Aslanbay says
You capture the essence of the chapter’s focus on authentication in access control. It rightly points out the importance of employing a combination of security measures, such as passwords, tokens, and biometrics, and emphasizes the need for these measures to be cost-effective and aligned with the organization’s overall risk strategy.
Bo Wang says
Replacement-available physical devices generally fall into two categories, access cards and tokens. Access cards are generally made of plastic and are about the size of a credit or debit card. A token is a proof and permission, sometimes a small USB device.
Jon Stillwagon says
It is interesting that a small USB device can be a token of proof and permission. I would think that it was always an authentication code for a multi factorial authentication. We can even use digital signatures for authentication.
Celinemary Turner says
Access control is policy-driven control that allows access to the system, data, and dialogues. There are multiple ways to implement access control, such as physical or logical (passwords and biometrics). Access Controls have three functions: Authentication, Authorization, and Auditing. Authentication is identifying the person requesting the information to ensure that the person has permission to access that information and providing access based on that. Authorization is the level of permission the user should have to access the information. Auditing logs the users’ activities in real time, which can be reviewed for any authentication or authorization process policy violation. To be authenticated, you must show verifier credentials that are based on one of the following:
1. What you know (a password or private)
2. What you have (physical key or smart card)
3. What you are (your fingerprint).
Bo Wang says
As mentioned in the previous course, passwords like fingerprints are very easy to steal, so you need all three to work together.
Jon Stillwagon says
In this access control chapter, it talks about Biometric authentication and how we carry our passwords on our body. I think we will see more and more biometric authentication when it comes to certain things. The accuracy of biometric authentication will increase over time, and we must worry about the data that biometric authentication causes. It is more data that we must protect for companies that need that specific information. For access controls there needs to be a high accuracy for it.
Yannick Rugamba says
Hey Jon, you’re right that the biometric data itself becomes really sensitive – we can’t exactly change our fingerprints or face if that data gets compromised. Companies will need to step up their game to keep that data locked down tight.
I think as accuracy improves, we’ll see biometrics used in more applications where security is critical. But there could be some pushback about privacy concerns. It’ll be interesting to see how it all plays out and what new techniques emerge to protect biometric info while keeping authentication easy for users.
Ooreofeoluwa Koyejo says
Identity management, the policy-based management of all information required for access to corporate systems by people, machines, programs, or other resources, is a major part of access control.
Federated Identity Management means joining together as equals, i.e. linking to leverage; this is done to centralize and simplify identities from becoming too complex for monitoring, control and auditing purposes.
Within companies, trust is complex as the assumption is that only authorized devices and users are within the network, introducing risks of insider threats. The situation is even more complex between companies.
Edge Kroll says
Hi Oore,
Your point about trust within companies and the complexities it introduces is well-noted. With the assumption that only authorized devices and users are within the network, there’s an inherent risk of insider threats. Companies must implement robust identity management practices to mitigate these risks and maintain a secure environment.