Access Control

Definition: Access control means that a thorough specification has been made, based on information security policies, as to who has the right to gain physical and logical proximity to information resources and to use or modify information assets. Further, the phrase relates that steps have been taken to implement security policies on a "need to know" basis. Locking the room in which key network resources are located is one general example. Applying deliberate and highly detailed (granular) security policies in the network’s operating system is another. Following through upon the security best practice of “least privileges” limits who can legitimately use components of the information infrastructure.

Its Relevance: The more the number of people who can retrieve and work with information assets the greater the security risk. Individuals who are without either a “need-to-know” or to work with specific information resources should be denied the ability to obtain them. Comprehensive access controls on an information infrastructure are considered to be a security best practice.

Trend: Controlling who can use information assets is becoming more technical and granular. Biometrics are increasingly being used to authenticate users and privileges are being granted less freely. The emergence of mobile computing and portable BYOD (Bring Your own Device) is pushing out the limits of the security perimeter. More attention is being given to who can see and use information resources.

Return from "Access Control" to Words [A - C]