Page 79 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 6: Biometric Controls for Security




2. Strong business processes pertaining to the provisioning and de-provisioning of a user.
3. Provisioning software integrated with the business provisioning and de-provisioning process.
4. Site, building and room based access control systems that are LDAP-enabled or able to be integrated into a virtual enterprise LDAP directory.
5. A global enterprise ID for each user to integrate the user's identity between many applications and systems.
6. A strong end-to-end audit of everywhere the physical person went as well as the systems, applications and information systems they accessed.
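
Items 5 and 6 above can be made concrete with a short sketch, added here as an illustration and not taken from the course text: it joins badge-reader and system logon events on a global enterprise ID into one timeline per person, and flags access after de-provisioning and accounts that map to no enterprise identity. All account names, IDs, timestamps and the event layout are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: every name, ID and timestamp below is illustrative.
# Maps each source system's local account to the global enterprise ID.
IDENTITY_MAP = {
    ("badge", "B-1042"): "E1001",
    ("ldap", "asmith"): "E1001",
    ("badge", "B-2077"): "E1002",
    ("crm", "bjones"): "E1002",
}

# De-provisioning times reported by the business (HR) process.
DEPROVISIONED = {"E1002": "2024-03-01T17:00:00+00:00"}

# (source, local account, ISO 8601 timestamp, resource)
EVENTS = [
    ("badge", "B-1042", "2024-03-04T08:55:00+00:00", "HQ / server room"),
    ("ldap", "asmith", "2024-03-04T09:02:00+00:00", "file server"),
    ("badge", "B-2077", "2024-03-01T09:00:00+00:00", "HQ / lobby"),
    ("crm", "bjones", "2024-03-02T10:15:00+00:00", "customer records"),
    ("badge", "B-9999", "2024-03-02T11:00:00+00:00", "HQ / lobby"),
]


def build_audit_trail(events, identity_map, deprovisioned):
    """Merge physical and logical events into one timeline per enterprise ID."""
    trail, findings = {}, []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[2]))
    for source, account, ts, resource in ordered:
        when = datetime.fromisoformat(ts)
        gid = identity_map.get((source, account))
        if gid is None:
            # No enterprise identity: the event cannot be attributed to a person.
            findings.append(("UNMAPPED_ACCOUNT", f"{source}:{account}", ts, resource))
            continue
        trail.setdefault(gid, []).append((when, source, resource))
        cutoff = deprovisioned.get(gid)
        if cutoff and when > datetime.fromisoformat(cutoff):
            # Access after de-provisioning: a revocation was missed somewhere.
            findings.append(("ACCESS_AFTER_DEPROVISION", gid, ts, resource))
    return trail, findings


if __name__ == "__main__":
    trail, findings = build_audit_trail(EVENTS, IDENTITY_MAP, DEPROVISIONED)
    for finding in findings:
        print(finding)
```
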
With many portions of an enterprise now outsourced, the challenges to access control have increased. Today it is becoming common to have contractual agreements with the enterprise's outsource partners that:

1. Automatically provision and de-provision users.
2. Build trusted authentication and authorization mechanisms.
3. Provide end-to-end user session audit.
4. Integrate with the remote user's physical access, e.g., to a call center operating on the enterprise's behalf.

Controlling how network resources are accessed is paramount to protecting private and confidential information from unauthorized users. The types of access control mechanisms available for information technology initiatives today continue to increase at a breakneck pace.

Most access control methodologies are based on the same underlying principles. If you understand the underlying concepts and principles, you can apply this understanding to new products and technologies and shorten the learning curve so you can keep pace with new technology initiatives.

Access control devices properly identify people and verify their identity through an authentication process so they can be held accountable for their actions. Good access control systems record and timestamp all communications and transactions so that access to systems and information can be audited at later dates.

Reputable access control systems all provide authentication, authorization, and administration. Authentication is a process in which users are challenged for identity credentials so that it is possible to verify that they are who they say they are.





Notes: Once a user has been authenticated, authorization determines what resources the user is allowed to access. A user can be authenticated to a network domain but be authorized to access only one system or file within that domain. Administration refers to the ability to add, delete, and modify user accounts and user account privileges.



Did u know? What is mandatory access control?
Mandatory access control refers to access control policies that are determined by the system and not by the application or information owner.




                                           LOVELY PROFESSIONAL UNIVERSITY                                   73