Controls over access to information systems
Information systems contain important data, so it makes sense to restrict user access. How is this done?
Control Access to What?
Businesses need to control access to:
- Information
- Computer applications
- Operating system facilities
How Is It Achieved?
Control over access to an information system is achieved by using a logical access system. Such a system:
- Requests details of the identification of the user (e.g. by requesting a username and password)
- Checks whether the user has the authority to access the system
- Authenticates the user and allows access
Effective control ensures that staff have appropriate access to information and applications, and do not abuse it.
Management issues, such as periodic reviews of user accounts, can apply as much to IT systems as to physical access control systems. Confidentiality of information is best achieved by ensuring that people only have access to the information they actually need.
If access rules are too detailed, managing them will be very difficult. If they are too general, people will have access to information or applications that they will never need. A balance must be struck depending on:
- Needs of the business
- Security features provided by the systems
- Trust in staff
Consideration of security issues during system design, development and procurement will greatly enhance effectiveness. Look for:
- Strong password enforcement
- Management of access rights to read, amend, process or delete information
- Analysis of what users require to do their job
- Analysis of the security features each system can provide
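A periodic review of user accounts can be automated by comparing the rights each account holds (read, amend, process, delete) with what its job role actually requires. The sketch below is an added example, not part of the original page; the roles, users, resources and policy table are all constructed for illustration.

```python
# Added example: periodic access review against job requirements.
# Every role, user and resource name here is constructed sample data.
RIGHTS = {"read", "amend", "process", "delete"}

# Assumed policy: what each job role needs, as resource -> rights.
ROLE_NEEDS = {
    "payroll_clerk": {"payroll": {"read", "amend", "process"}},
    "sales_rep": {"customers": {"read", "amend"}, "orders": {"read", "process"}},
    "auditor": {"payroll": {"read"}, "orders": {"read"}, "customers": {"read"}},
}

# Constructed snapshot of what each account has actually been granted.
ACCOUNTS = [
    {"user": "asmith", "role": "payroll_clerk", "active": True,
     "granted": {"payroll": {"read", "amend", "process", "delete"}}},
    {"user": "bjones", "role": "sales_rep", "active": True,
     "granted": {"customers": {"read", "amend"}, "orders": {"read", "process"},
                 "payroll": {"read"}}},
    {"user": "cwong", "role": "auditor", "active": False,
     "granted": {"payroll": {"read"}}},
    {"user": "dpatel", "role": "auditor", "active": True,
     "granted": {"payroll": {"read"}, "orders": {"read"}}},
]


def review_account(account, role_needs=ROLE_NEEDS):
    """Return a list of findings for one account (empty if it is clean)."""
    needs = role_needs.get(account["role"])
    if needs is None:
        return [f"{account['user']}: unknown role {account['role']!r}"]
    findings = []
    if not account["active"] and account["granted"]:
        findings.append(f"{account['user']}: inactive account still holds access rights")
    for resource, granted in sorted(account["granted"].items()):
        # Anything granted beyond what the role needs on this resource is excess.
        excess = (granted & RIGHTS) - needs.get(resource, set())
        for right in sorted(excess):
            findings.append(f"{account['user']}: excess right {right!r} on {resource}")
    return findings


def review_all(accounts=ACCOUNTS):
    """Map each user that has findings to the list of those findings."""
    results = {a["user"]: review_account(a) for a in accounts}
    return {user: found for user, found in results.items() if found}


if __name__ == "__main__":
    for user, found in review_all().items():
        print("\n".join(found))
```

The policy table is kept at role level rather than per user, which reflects the balance described above between rules that are too detailed to manage and rules that are too general.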

