Information Security: Access Controls

Guide for class discussion on Access Controls for Information Security

William Barnett

on 12 November 2013

Transcript of Information Security: Access Controls

Access Controls
Access Controls regulate admission to trusted areas of the organization.
Access Controls Generally Focus on:
Accountability (document)
Balance of Business Need and Risk
Guiding Principles
Least Privilege
Need to Know
Separation of Duties
Operational Impact
Where are these designed?
What do they do?
Who uses them?
What are some examples?
Education and Awareness are considered Operational Level Controls
Support Tactical portion of the security program.
Deal with the immediate needs of the technology environment. (reactive?)
Inherent Intent
Degree of Authority
Mandatory Controls
Classify Data
Value to the Business
Must regularly update classification
Classify People
Clearances - Role Based
Need to Know... No Lookie Loos
Manage Information Assets
Over whole lifecycle
Over all states
Nondiscretionary Controls
Built into infrastructure...
Role-based Controls
Task-based Controls
Very similar to the way database access is set up.
Discretionary Controls
Users allow access
Like shared folders, etc.
Organizational Location
Centralized vs. Decentralized
More critical data tends to be Centrally controlled
Think about how you log into the school network.
Evolving Types
Content Dependent
Constrained User Interface
Temporal Isolation
Discussion Point:
How does the sphere relate to the Bull's Eye Model?
Where are these designed?
What do they do?
Who uses them?
What are some examples?
Integrated View