Definition: Access control refers to how people are restricted from entering computers and networks. Controlling access requires that a specification has been made, based on information security policies, as to who has the right to gain physical and logical proximity to information resources and to read or modify information assets.
Further, the phrase, "Access Control" relates to the steps that have been taken to implement security policies on a "need to know" basis. For example, one example would be a policy that requires the locking of the room in which key network resources are located. Establishing and applying deliberate and highly detailed (granular) security policies within the network’s operating system is another.
Following through upon the security best practice of “least privileges” limits who can legitimately use components of the information infrastructure.
Its Relevance: The larger the number of people who can retrieve and work with information assets the greater the security risk. Individuals who are without either a “need-to-know” or a need to work with specific information resources should be denied the ability to obtain them. Comprehensive access controls on an information infrastructure are considered to be a security best practice.
Trend: Controlling who can log-on to networks and get assets to information assets is more important today than ever before. Biometrics are increasingly being used to authenticate users and privileges are being granted less freely. Businesses are now requiring the use of more complex passwords and phrases. The emergence of mobile computing and portable BYOD (Bring Your own Device) is "pushing out" the limits of the security perimeter. More attention is being given to who can see and use information resources.
The major trend is data and information is moving closer to more complex threat environments. The chances of risk are increasing. The Internet of Things (IOT) and remote devices (e.g. a baby nursery camera) is going to make maintaining information security more difficult.