ISOL634 Physical Security: Access Control Policies and Elements
Added on 2023/04/22
Discussion Board Post
AI Summary
This discussion board post delves into the principles and elements of access control within the context of physical security. It defines access control as the formalization of rules for granting or denying access, emphasizing the importance of credentials and multi-factor authentication. The post outlines the three core principles of access control: policies (password, acceptable use, remote access, and account management), subjects (authorized, unauthorized, and unknown), and objects (information, technology, and physical location). Furthermore, it elaborates on the three essential elements of a well-defined access control system: identification, authentication, and authorization. The document concludes with a list of references used.

Running head: ACCESS CONTROL
Your Name
University of the Cumberlands
ISOL634-25 Physical Security
Week 17 Discussion Board
Professor Richards
Date
Access Control
Access control is the formalization of rules that ensure access is allowed or
denied. It is the process that determines who can interact with what, and what the
subject of the interaction is (Younis, Kifayat & Merabti, 2014). Access control is
based on granting privileges or rights when interacting with a system. In an access
control environment, users have to enter credentials before they can get access to
the system resources. In the case of physical systems, these credentials can take
different forms. Credentials that cannot be transferred are the most secure.
For a more secure access control method, two-factor authentication can be
implemented. In two-factor authentication, the user first inputs the credentials,
and the system then asks for an OTP or a PIN, or performs a biometric verification.
This type of two-factor verification is more secure than traditional access control.
Three Principles of Access Control
The three main principles of access control are policies, subjects and objects.
Policies:
Access control policies are specific rules which govern that specific users get
access to specific types of resources (Yang, Jia & Ren, 2013). Policies for access
control can vary according to the organization, but there are also some organization
policies. These access control policies are described below.
Password policy: The password policy describes the organization's requirements
for creating a strong password.
Acceptable use policy: The acceptable use policy describes which tasks can and
cannot be performed using the computing resources of the organization
(Thilina et al., 2015).
Remote access policy: The remote access policy describes the standards for
connecting to the organizational network from offsite.
Account management policy: This policy describes how new accounts are created,
maintained and secured, and how old accounts are deleted (Chapple & Ballad, 2014).
Subjects:
The access control subject is the scenario of requesting access to a particular type
of resource. The three types of access control subjects are:
Authorised: Authorised persons are those who have presented specific credentials
(Hernández-Ramos et al., 2013) and have been approved for resource access.
Unauthorised: Unauthorised persons are those who do not possess proper credentials
or appropriate privileges (Choi, Lim & Sabharwal, 2015).
Unknown: These are persons who have not presented any type of credentials to the
system, so the system does not know whether to give access to that person or not.
Objects:
The three main objects of access control are:
Information: Information consists of any type of data asset of the system.
Technology: This consists of networks, applications and systems.
Physical location: Physical location includes things such as rooms and buildings.
Three Elements of a Well-Defined Access Control System
The three elements of a well-defined access control system are identification,
authentication and authorisation.
Identification: Identification is the process by which the subject is able to
identify itself in order to access the control system (Mahalle et al., 2013).
Authentication: Authentication is the process of verifying the identification
of the subject.
Authorisation: Authorisation is the process of allowing or denying access to an
object of the system.
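The three elements above, combined with the subject types from the earlier section, as an added example that is not part of the original post: a Python function that makes one door-access decision from a badge (identification), a PIN as second factor (authentication) and a per-badge list of permitted objects (authorisation). The badge IDs, PINs, object names and the decide function are constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional, Tuple


class Subject(Enum):
    UNKNOWN = "unknown"            # presented no credentials at all
    UNAUTHORISED = "unauthorised"  # improper credentials or missing privileges
    AUTHORISED = "authorised"      # proper credentials and approved for the object


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


# Constructed sample registry: badge ID -> (salt, PIN hash, permitted objects).
SALT = b"constructed-salt"
BADGES = {
    "badge-1001": (SALT, _pin_hash("4821", SALT), {"lobby", "server-room"}),
    "badge-1002": (SALT, _pin_hash("7730", SALT), {"lobby"}),
}


def decide(badge_id: Optional[str], pin: Optional[str], obj: str) -> Tuple[Subject, bool]:
    """Return (subject type, access granted) for a single access request."""
    # Identification: the subject claims an identity by presenting a badge.
    if not badge_id:
        return Subject.UNKNOWN, False
    record = BADGES.get(badge_id)
    if record is None:
        return Subject.UNAUTHORISED, False  # a credential was shown, but not a proper one
    salt, stored, permitted = record
    # Authentication: verify the claimed identity with the second factor,
    # using a constant-time comparison.
    if pin is None or not hmac.compare_digest(_pin_hash(pin, salt), stored):
        return Subject.UNAUTHORISED, False
    # Authorisation: allow only objects the policy lists; everything else is denied.
    if obj not in permitted:
        return Subject.UNAUTHORISED, False
    return Subject.AUTHORISED, True


if __name__ == "__main__":
    for request in [(None, None, "lobby"), ("badge-1002", "7730", "server-room"),
                    ("badge-1001", "4821", "server-room")]:
        print(request, "->", decide(*request))
```

Every path that does not reach the final return denies access, so a request is granted only after all three elements succeed in order.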
References:
Chapple, M. & Ballad, B. (2014). Access control, authentication, and public key
infrastructure. Burlington, MA: Jones & Bartlett Learning.
Choi, W., Lim, H., & Sabharwal, A. (2015). Power-controlled medium access control
protocol for full-duplex WiFi networks. IEEE Transactions on Wireless
Communications, 14(7), 3601-3613.
Hernández-Ramos, J. L., Jara, A. J., Marín, L., & Skarmeta, A. F. (2013). Distributed
capability-based access control for the internet of things. Journal of Internet Services
and Information Security (JISIS), 3(3/4), 1-16.
Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication
and capability based access control (iacac) for the internet of things. Journal of Cyber
Security and Mobility, 1(4), 309-348.
Thilina, K. M., Tabassum, H., Hossain, E., & Kim, D. I. (2015). Medium access control
design for full duplex wireless systems: challenges and approaches. IEEE
Communications Magazine, 53(5), 112-120.
Yang, K., Jia, X., & Ren, K. (2013, May). Attribute-based fine-grained access control with
efficient revocation in cloud storage systems. In Proceedings of the 8th ACM SIGSAC
symposium on Information, computer and communications security (pp. 523-528).
ACM.
Younis, Y. A., Kifayat, K., & Merabti, M. (2014). An access control model for cloud
computing. Journal of Information Security and Applications, 19(1), 45-60.