
Sample Paper on Information Security Access Controls

globalcompose.com /technology-papers/sample-paper-on-information-security-access-controls/

Abstract

Sufficient security of information and information systems is an important role of any organization's management.
Access control deals with establishing the permitted activities of authentic users and facilitating each attempt by a
user to access resources in the system (Hu, Ferraiolo, and Kuhn 1). Companies intending to implement an
access control system need to consider access control policies, models, and mechanisms. Access control
policies are requirements that illustrate the way access is controlled and the circumstances under which a
person can access information (Hu, Ferraiolo, and Kuhn 4).

Deliberate sharing of information is the major function of information systems. However, the techniques of
controlling access to information, unlike data, are yet to be fully developed, more so in relation to major decisions
concerning the kind of information users can access, when, and under what conditions. This paper presents the
case for access control to be clearly incorporated into models of information behavior, particularly as they are
connected to access to information on the relatively unregulated Internet (Watters and Ziegler 268).

Several firms have been victims of cyber-attacks that resulted in breaches of confidential data (Beckett and Graf
18). Most companies have recognized that information security represents a critical risk that requires careful
management. However, effecting controls over information security involves many challenges, particularly for
organizations that lack the required IT resources. A number of security measures have been established to be
effective in creating control over information security. Implementing access control helps ensure that only
authorized people are allowed to access critical areas of information (Beckett and Graf 18).

Physical access controls involve restricting access to the areas where the organization's server is kept with a
lock or access code. It is important to use encrypted mass storage devices (Beckett and Graf 18). Logical access
controls are tools and protocols used in identifying, authenticating, and authorizing computer information system
users, including software programs. There are several ways of guarding and managing sensitive information
during every step of data flow in an organization. When receiving data, the important factors to consider are the
type of information the firm gathers, whether it contains data that should be protected, and whether it can be redacted or
modified to delete sensitive information before the organization receives it (Beckett and Graf 19). In transmitting
data, an organization should consider the way information is provided to and received from clients. Sending
sensitive information electronically requires the use of an encrypted or password-protected email or a secure
client portal. An organization should implement logical access control in the areas where sensitive information is
stored, such as servers, electronic storage devices, print drivers, and email servers. Data destruction requires the
use of a document shredder to destroy old work papers or a program that can wipe a hard drive to delete all
electronic files completely. In data retention, organizations should not keep information longer than the required
period. A firmwide record-retention period should be adopted, and firm work papers should be destroyed as per the
selected period for applicable documents (Beckett and Graf 19).

A condition of access control is considered safe if no permission can be disclosed to an unauthorized party. To
ensure the safety of an access control system, it is important to make sure the access control model does not
disclose authorizations to unsanctioned people. Various software tools are created to help prevent or detect
intruders in an organization's network. For example, firewalls are crucial techniques for keeping a computer
secure from invaders. A firewall permits or blocks traffic into or out of a private network depending on given
security measures (Beckett and Graf 19).
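
The safety condition stated above can be checked mechanically for a given configuration. The following is an added example, not part of the original paper: it assumes a simplified model in which a hypothetical "grant" right lets a subject copy its rights on an object to named delegates, and it reports which unauthorized subjects could eventually obtain a permission. The subjects, the object name, and the delegation rule are all constructed for illustration.

```python
GRANT = "grant"  # assumed delegation right; the term is not from the paper

def closure(matrix, delegates):
    """Return every (subject, object, right) reachable by repeated delegation.

    matrix:    {subject: {object: {rights}}}, the current configuration
    delegates: {subject: {subjects it may hand rights to}}
    Assumed rule: a subject holding GRANT on an object may copy any right it
    holds on that object, GRANT included, to one of its delegates.
    Rights are never revoked, so the fixpoint loop always terminates.
    """
    held = {(s, o, r) for s, objs in matrix.items()
            for o, rights in objs.items() for r in rights}
    changed = True
    while changed:
        changed = False
        for (s, o, r) in list(held):
            if (s, o, GRANT) not in held:
                continue  # s cannot delegate anything on this object
            for d in delegates.get(s, ()):
                if (d, o, r) not in held:
                    held.add((d, o, r))
                    changed = True
    return held

def leaks(matrix, delegates, obj, right, authorized):
    """Subjects outside `authorized` that can end up holding `right` on `obj`.

    An empty result means the configuration is safe for that permission.
    """
    return sorted(s for (s, o, r) in closure(matrix, delegates)
                  if o == obj and r == right and s not in authorized)

# Constructed sample configuration.
MATRIX = {
    "alice": {"payroll.db": {"read", "write", GRANT}},
    "bob":   {"payroll.db": {"read"}},
    "carol": {},
}
DELEGATES = {"alice": {"bob"}, "bob": {"carol"}}
AUTHORIZED_READERS = {"alice", "bob"}

if __name__ == "__main__":
    # alice can pass GRANT to bob, who can then pass "read" on to carol.
    print(leaks(MATRIX, DELEGATES, "payroll.db", "read", AUTHORIZED_READERS))
```

No subject in the starting matrix is unauthorized, yet the configuration is unsafe because the delegation chain reaches carol; removing bob's delegate, or alice's grant right, makes the same check return an empty list.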

Works Cited

Beckett Ference, Sarah, and Nickolas Graf. Controlling Your Data. Journal Of Accountancy 222.2 (2016): 18-20.
Business Source Complete. Web. 17 Aug. 2016.

Watters, Paul A., and Jacqueline Ziegler. Controlling Information Behaviour: The Case For Access
Control. Behaviour & Information Technology 35.4 (2016): 268-276. Library, Information Science & Technology
Abstracts. Web. 17 Aug. 2016.

Hu, Vincent C., David Ferraiolo, and D. Richard Kuhn. Assessment of Access Control Systems. US Department
of Commerce, National Institute of Standards and Technology, 2006.
