SlideShare a Scribd company logo

Access Control and Maintenance.pptx

K
Kinetic Potential

Access Control and Maintenance

Internet
1 of 27
Cybersecurity Families and Controls Part 1 – Access Control AND Part 2 – Maintenance 1
Access Control
According to Microsoft, Access Control is defined as: “…an essential element of security that determines who is allowed to access certain data, apps, and resources—and in what circumstances. Access control policies protect digital spaces. Access control lets the right people in and keeps the wrong people out. Access control policies rely heavily on techniques like authentication and authorization, which allow organizations to explicitly verify both that users are who they say they are and that these users are granted the appropriate level of access based on context such as device, location, role, and much more. Access control keeps confidential information—such as customer data and intellectual property—from being stolen by bad actors or other unauthorized users. It also reduces the risk of data exfiltration by employees and keeps web-based threats at bay. Rather than manage permissions manually, most security-driven organizations lean on identity and access management solutions to implement access control policies. What is Meant by the Term Access Control?
Access Control is one of the most critical control families because it ensures all of your IT systems have adequate protection surrounding access to that information system. Unauthorized system access always precedes cyber incidents so making a solid security posture regarding access controls a must. The Access Control family itself is geared toward ensuring a system’s technical security implementations meet a minimum best practice standard for operation and certifies your network has access and account management practices in place to manage access provisioning and user account controls appropriately. Sufficiently meeting each of the controls listed in the Access Control family shows any auditor or inspector that your network identifies and authorizes legitimate users of the system while protecting against unauthorized access and system compromise. Access control is important because it minimizes company risk, but it can also be a big part of regulatory compliance. Meeting your company’s compliance needs is a significant factor in choosing an access control system. Why is Access Control Important?
Here is a full listing of controls inside of the “Access Control” control family: AC-1 ACCESS CONTROL POLICY AND PROCEDURES AC-2 ACCOUNT MANAGEMENT AC-3 ACCESS ENFORCEMENT AC-4 INFORMATION FLOW ENFORCEMENT AC-5 SEPARATION OF DUTIES AC-6 LEAST PRIVILEGE AC-7 UNSUCCESSFUL LOGON ATTEMPTS AC-8 SYSTEM USE NOTIFICATION What Controls are Part of the Access Control Family? 1 of 3
Here is a full listing of controls inside of the “Access Control” control family: AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION AC-10 CONCURRENT SESSION CONTROL AC-11 SESSION LOCK AC-12 SESSION TERMINATION AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION AC-16 SECURITY ATTRIBUTES AC-17 REMOTE ACCESS AC-18 WIRELESS ACCESS What Controls are Part of the Access Control Family? 2 of 3
Here is a full listing of controls inside of the “Access Control” control family: AC-19 ACCESS CONTROL FOR MOBILE DEVICES AC-20 USE OF EXTERNAL INFORMATION SYSTEMS AC-21 INFORMATION SHARING AC-22 PUBLICLY ACCESSIBLE CONTENT AC-23 DATA MINING PROTECTION AC-24 ACCESS CONTROL DECISIONS AC-25 REFERENCE MONITOR NOTE: In NIST SP 800-53 Rev. 5, AC13-SUPERVISION AND REVIEW, and AC15-AUTOMATED MARKING were incorporated into other controls. What Controls are Part of the Access Control Family? 3 of 3
Role-Based Access Control (RBAC) Role-based access control attributes permissions to a user based on their roles/duties/business responsibilities. As the most common access control system, RBAC determines access based on your role in the company—ensuring lower-level employees aren’t gaining access to high-level information unnecessarily. Mandatory Access Control (MAC) Mandatory access control is the most secure type of access control. Only owners and custodians have access to the systems. All the access control settings are preset by the system administrator and can’t be changed or removed without his or her permission. What are the Most Common Types of Access Control Systems?
Discretionary Access Control (DAC) With a discretionary access control, the data owner of the company can decide how many people have access to a specific location. Each access control point has a list of authorized users. Every time a keycard is swiped, a PIN is punched, or a fingerprint is scanned, the system checks the credential against the list and either allows or denies access based on the previously set allowances. Rule-Based Access Control (RBAC) Not to be confused with the other “RBAC,” rule-based access control is commonly used as an add-on to the other types of access control. In addition to whatever type of access control you choose, rule-based access control can change the permissions based on a specific set of rules created by the administrator. What are the Most Common Types of Access Control Systems?
Choosing the type of access control system that is most suitable for your organization, there are a number of factors involved. Some of those factors include the nature of your business, security procedures within the organization, and the number of users on the system. Places of business with small or basic applications will probably find Discretionary Access Control to be less complicated and better utilized. If, however, you have highly confidential or sensitive information on your business platform, a Managed Access or Role-Based Access Control system are two options you may want to consider. How to Choose the Correct Access Control System for Your Business?
Develop an Access Control Policy - It’s prudent to begin by developing access control policies to manage everyone using business facilities and systems. Start by collecting data on human behavior at work and the facilities they frequently access. It will form a baseline to launch the access control program. Establish Layered Defenses - The underlying technology in access control devices can easily be cracked and expose your organization. It is a best business practice to add more security layers to handle breach attempts in access control systems. Integrate Access Control Into Internal Management Systems - Businesses that use different technologies to support their operations are prone to internal and external breaches. To mitigate these threats, another best practice to implement is to integrate access control to consolidate systems functions and monitor real-time activities within your network. Tip and Best Practices to Support Your Access Control Implementation 1 of 3
Centralize Access Control Management - Centralization of access control allows you to design a security layout for your Enterprise. It’s one way to pinpoint potential risks and create countermeasures to mitigate your exposure. Also, it works as a data collection point for your business, which can be helpful for decision-making purposes. Training And Development - Technology is forever evolving and users must keep up with the frequent changes. So as a best practice you should periodically conduct training and development for your staff to enhance security in your business processes. Frequently Audit And Upgrade Access Control Software - It’s crucial to audit your access control management and continuously improve the infrastructure. You might spot gaps in your systems that make you vulnerable to attacks. You should retire obsolete access control technology and replace it with a new and improved one. Tip and Best Practices to Support Your Access Control Implementation 2 of 3
Protect Passwords - Your organization should have management tiers with designated authority to access business information. Authorized personnel should use or have unique credentials and passwords to access your systems and must protect them at all costs. Block and/or Delete Invalid and Dormant Accounts - Labor turnover and changes in roles happen all the time in business. Retaining such user accounts is risky and may lead to security breaches in your network. Blocking or deleting unused accounts within your IT backup systems is crucial. In summary, Access Control (AC) is one way to insulate your business from potential breaches or electronic attacks. It is a multi-functional tool to manage people and monitor activities within your organization. Installing AC systems requires an analytical review of your business operations and the exposure risks you face in the digital age. AC systems help you develop measures such as user policies incorporating best practices to access control. Tip and Best Practices to Support Your Access Control Implementation 3 of 3
Information Technology Maintenance
Like all electronic devices (from a car to a dishwasher), in order to function properly, computers need maintenance. And based on its importance and complexity, computer equipment maintenance requires special attention. When approaching the different types of IT maintenance, two aspects must be considered: 1) The term “maintenance” includes both hardware and software of the computer. Both are very important and will decisively influence the operation of the system. 2) Various types of maintenance can work simultaneously. In the case of corrective maintenance, it will act if the predictive maintenance or preventive maintenance are not able to anticipate the problem. What is Meant by the Term IT Maintenance?
Early Detection of Issues - Maintenance checks and regular upkeep helps detect issues early and pinpoint the potential threats to the IT network, computers, and servers. When it comes to computer systems, even the smallest system issues could leave the door open for breaches and bigger potential faults. Regular maintenance can point out these small IT system problems and eradicate them before they get out of control. Viruses and Malware Prevention - There are numerous types of malware out there just waiting to infect systems and cause security and confidentiality issues, data leakage and system crashes. Preventing cyberattacks is tricky because each attack and malware is different. Therefore, it is extremely important to protect the corporate network instead of waiting around to deal with consequences. Faster Loading Times - System maintenance is a great way to speed up all your IT systems and computers and improve processing times. IT maintenance services can identify issues to help optimize system performance so your devices load faster. This includes fragmenting computer files, removing malicious code, updating outdated software, patching security gaps, etc. Why is Maintenance Important? 1 of 2
Maximize Software Efficiency - Includes installment of software updates to their latest version and installment of new patches, whenever such are available. Cyber criminals are always targeting system and software weaknesses. A good IT maintenance program provides updates for each software package during regular maintenance. This practice helps your software programs run at their best. Prevent Data Loss - No matter if you work with lots of files, personal info, or/and sensitive information, no organization is safe from data loss. Data loss is typically caused by a system reboot, malware, viruses, or hacker attacks. Regular computer maintenance lowers the risks by ensuring all network systems are checked and all firewalls, antivirus software, and computer applications are working as expected. Documenting IT Concerns - Keeping track of past, potential and ongoing issues is very important. Effective IT maintenance programs mandate the documentation of even minor system malfunctions, server outages, and potential threats to the computer system. Documenting preventive maintenance and analyzing network architecture is a game-changer. Having every technical aspect of your business monitored is a superb way to keep work computers and technology at their optimal condition. Why is Maintenance Important? 2 of 2
Hardware Maintenance
Preventive Maintenance - Is a very frequent type of maintenance carried out in order to prevent possible failures and improve the functioning of a system. Preventive Maintenance can also extend the useful life of the different components of your IT system, and decreases the number and length of system downtimes. It can reduce the number of repairs and detect weak points in the system that might affect its operation. Predictive Maintenance - Is a type of maintenance that is carried out using diagnostic tools, in order to anticipate possible failures and to try to avoid them before they occur. One of the most effective ways in which predictive maintenance is carried out is through the monitoring of computer systems using tools such as monitoring software. This practice helps to control all different types of variables, such as the temperature of the CPU or battery levels. What are the Different Types of Maintenance? 1 of 2
Corrective Maintenance - Is a practice that must be applied when the predictive and preventive maintenance have not worked properly or when these have not been able to avoid the failure. When a computer or system fails (for example due to a hardware failure) you want it to be operational again and as quickly and efficiently as possible, the process to do this will include repairing or replacing the device. One of the considerations to be made regarding corrective maintenance is to not only solve the failure, but also determine what was the cause of it in order to find the possible repercussions that may have affected other parts of the system. You also want to try to prevent it from happening again in the future. Evolutionary Maintenance – Is a type of maintenance not meant to correct or prevent possible failures, but to research and evolve your computing resources to the latest technologies that are available. Technology is always evolving, and that means that the tools available and the needs of users also change constantly. Evolutionary maintenance helps ensure computer systems do not become obsolete or updated in order to offer users the best technology options within your organization. What are the Different Types of Maintenance? 2 of 2
Software Maintenance
Software Maintenance - is the process of changing, modifying, and updating software to keep up with customer needs. Software maintenance is done after the product has launched for several reasons including improving the software overall, correcting issues or bugs, to boost performance, and more. It is a natural part of SDLC (software development life cycle). Software developers don’t have the luxury of launching a product and letting it run, they constantly need to be on the lookout to both correct and improve their software to remain competitive and relevant. Using the right software maintenance techniques and strategies is a critical part of keeping any software running for a long period of time and keeping customers and users happy. What is Software Maintenance?
Software maintenance is needed for several reasons: 1) Correction of ‘Bugs’ - The most important reason to conduct software maintenance is to correct errors or 'bugs'. It is very important that the software works without problems. This process contains the search for errors in the code and their correction. 2) Improving Opportunities for a Changing Environment - This is important for improving the current functions and for making the system compatible for changing the environment. It extends the capabilities of programs, work patterns, hardware upgrades, compilers, and all other aspects that affect the workflow of the system. Why is Software Maintenance Important? 1 of 2
3) Remove Obsolete Functions - Functionalities that are no longer used in the software actually reduce the efficiency of the system. Therefore, the removal of obsolete functions is necessary. Unused user interface and coding elements are removed and replaced with new functions using the latest tools and technologies. This change makes the system adaptive to changing circumstances. 4) Performance Improvement - Improving system performance in order to meet new requirements. Data and encoding constraints as well as reengineering are part of software maintenance. This minimizes the chances of the software being vulnerable. Why is Software Maintenance Important? 2 of 2
Corrective Maintenance - Is the typical, classic form of maintenance (for software and anything else for that matter). Corrective software maintenance is necessary when something goes wrong in a piece of software including faults and errors. If a company can recognize and take care of faults before users discover them, this is an added advantage that will make your company seem more reputable and reliable. Preventive Maintenance - Is looking into the future so that your software can keep working as desired for as long as possible. This includes making necessary changes, upgrades, adaptations and more. Preventative software maintenance may address small issues which at the given time may lack significance but may turn into larger problems in the future. These are called latent faults which need to be detected and corrected to make sure that they won’t turn into effective faults. What are the Different Types of Software Maintenance? 1 of 2
Perfective Maintenance - Once the software is released to the public, new issues and ideas come to the surface. Users may see the need for new features or requirements that they would like to see in the software to make it the best tool available for their needs. Perfective software maintenance aims to adjust software by adding new features as necessary and removing features that are irrelevant or not effective in the given software. This process keeps software relevant as the market, and user needs, change. Adaptive Maintenance – Involves the changing technologies as well as policies and rules regarding your software. These include operating system changes, cloud storage, hardware, etc. When these changes are performed, your software must adapt in order to properly meet new requirements and continue to run well. What are the Different Types of Software Maintenance? 2 of 2
Questions and Answers

Recommended

Importance of Access Control System for Your Organization Security
Importance of Access Control System for Your Organization SecurityImportance of Access Control System for Your Organization Security
Importance of Access Control System for Your Organization SecurityNexlar Security
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 
What is Access Control and Why is it Important for Cybersecurity.pdf
What is Access Control and Why is it Important for Cybersecurity.pdfWhat is Access Control and Why is it Important for Cybersecurity.pdf
What is Access Control and Why is it Important for Cybersecurity.pdfSysvoot Antivirus
 
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxhamzaalkhairi802
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Remote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingRemote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingKaren Oliver
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components iiAshish Desai
 
Enterprise Se.docx
Enterprise Se.docxEnterprise Se.docx
Enterprise Se.docxgertrudebellgrove
 

Recommended

Importance of Access Control System for Your Organization Security
Importance of Access Control System for Your Organization SecurityImportance of Access Control System for Your Organization Security
Importance of Access Control System for Your Organization SecurityNexlar Security
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 
What is Access Control and Why is it Important for Cybersecurity.pdf
What is Access Control and Why is it Important for Cybersecurity.pdfWhat is Access Control and Why is it Important for Cybersecurity.pdf
What is Access Control and Why is it Important for Cybersecurity.pdfSysvoot Antivirus
 
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptx
ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL.pptxhamzaalkhairi802
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Remote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingRemote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingKaren Oliver
 
Information systems and its components ii
Information systems and its components iiInformation systems and its components ii
Information systems and its components iiAshish Desai
 
Enterprise Se.docx
Enterprise Se.docxEnterprise Se.docx
Enterprise Se.docxgertrudebellgrove
 
Enterprise Se.docx
Enterprise Se.docxEnterprise Se.docx
Enterprise Se.docxadkinspaige22
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access managementPiyush Jain
 
Dit yvol3iss33
Dit yvol3iss33Dit yvol3iss33
Dit yvol3iss33Rick Lemieux
 
Comprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security ChallengesComprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security Challengessidraasif9090
 
Connecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementConnecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementEMC
 
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...Harshada Mulay
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38Rick Lemieux
 
IT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John LadoIT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John LadoMark John Lado, MIT
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business SecurityLaurie LeBlanc
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business SecurityLaurie LeBlanc
 
Audit Controls Paper
Audit Controls PaperAudit Controls Paper
Audit Controls PaperJennifer Lopez
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Supplier security assessment questionnaire
Supplier security assessment questionnaireSupplier security assessment questionnaire
Supplier security assessment questionnairePriyanka Aash
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxInfosectrain3
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...manoharparakh
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...manoharparakh
 
Access Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdfAccess Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdfBahaa Abdulhadi
 
Career Exploration Week 3.pptx
Career Exploration Week 3.pptxCareer Exploration Week 3.pptx
Career Exploration Week 3.pptxKinetic Potential
 
Quantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptxQuantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptxKinetic Potential
 

More Related Content

Similar to Access Control and Maintenance.pptx

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access managementPiyush Jain
 
Comprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security ChallengesComprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security Challengessidraasif9090
 
Connecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementConnecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementEMC
 
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...Harshada Mulay
 
IT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John LadoIT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John LadoMark John Lado, MIT
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business SecurityLaurie LeBlanc
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business SecurityLaurie LeBlanc
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDITRos Dina
 
Supplier security assessment questionnaire
Supplier security assessment questionnaireSupplier security assessment questionnaire
Supplier security assessment questionnairePriyanka Aash
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxInfosectrain3
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...manoharparakh
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...manoharparakh
 
Access Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdfAccess Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdfBahaa Abdulhadi
 

Similar to Access Control and Maintenance.pptx (20)

Enterprise Se.docx
Enterprise Se.docxEnterprise Se.docx
Enterprise Se.docx
 
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
 
Identity and access management
Identity and access managementIdentity and access management
Identity and access management
 
Dit yvol3iss33
Dit yvol3iss33Dit yvol3iss33
Dit yvol3iss33
 
Comprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security ChallengesComprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security Challenges
 
Connecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access ManagementConnecting Access Governance and Privileged Access Management
Connecting Access Governance and Privileged Access Management
 
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
unveiling-the-true-potential-of-identity-strengthening-security-through-compl...
 
Dit yvol5iss38
Dit yvol5iss38Dit yvol5iss38
Dit yvol5iss38
 
IT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John LadoIT Security and Management - Prelim Lessons by Mark John Lado
IT Security and Management - Prelim Lessons by Mark John Lado
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business Security
 
Alignia for Business Security
Alignia for Business SecurityAlignia for Business Security
Alignia for Business Security
 
Audit Controls Paper
Audit Controls PaperAudit Controls Paper
Audit Controls Paper
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
CONTROL AND AUDIT
CONTROL AND AUDITCONTROL AND AUDIT
CONTROL AND AUDIT
 
Supplier security assessment questionnaire
Supplier security assessment questionnaireSupplier security assessment questionnaire
Supplier security assessment questionnaire
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
 
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...Guarding Your Business's Core The Vital Role of Privileged Access Management ...
Guarding Your Business's Core The Vital Role of Privileged Access Management ...
 
Access Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdfAccess Control System_ An Overview - Bahaa Abdul Hadi.pdf
Access Control System_ An Overview - Bahaa Abdul Hadi.pdf
 

More from Kinetic Potential

Career Exploration Week 3.pptx
Career Exploration Week 3.pptxCareer Exploration Week 3.pptx
Career Exploration Week 3.pptxKinetic Potential
 
Quantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptxQuantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptxKinetic Potential
 
Quantum Leap Class 2 Slide.pptx
Quantum Leap Class 2 Slide.pptxQuantum Leap Class 2 Slide.pptx
Quantum Leap Class 2 Slide.pptxKinetic Potential
 
Quantum Leap Class 1 Slide.pptx
Quantum Leap Class 1 Slide.pptxQuantum Leap Class 1 Slide.pptx
Quantum Leap Class 1 Slide.pptxKinetic Potential
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxKinetic Potential
 
Abuse Prevention, Identification and Reporting: Training & Education
Abuse Prevention, Identification and Reporting: Training & EducationAbuse Prevention, Identification and Reporting: Training & Education
Abuse Prevention, Identification and Reporting: Training & EducationKinetic Potential
 
Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813Kinetic Potential
 
What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813Kinetic Potential
 
Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Kinetic Potential
 

More from Kinetic Potential (18)

Career Exploration Week 3.pptx
Career Exploration Week 3.pptxCareer Exploration Week 3.pptx
Career Exploration Week 3.pptx
 
Quantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptxQuantum Leap Class 3 Slide.pptx
Quantum Leap Class 3 Slide.pptx
 
Quantum Leap Class 2 Slide.pptx
Quantum Leap Class 2 Slide.pptxQuantum Leap Class 2 Slide.pptx
Quantum Leap Class 2 Slide.pptx
 
Quantum Leap Class 1 Slide.pptx
Quantum Leap Class 1 Slide.pptxQuantum Leap Class 1 Slide.pptx
Quantum Leap Class 1 Slide.pptx
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
 
DRHA KPLIFE BOOTCAMP.pptx
DRHA KPLIFE BOOTCAMP.pptxDRHA KPLIFE BOOTCAMP.pptx
DRHA KPLIFE BOOTCAMP.pptx
 
Financial Literacy
Financial LiteracyFinancial Literacy
Financial Literacy
 
Abuse Prevention, Identification and Reporting: Training & Education
Abuse Prevention, Identification and Reporting: Training & EducationAbuse Prevention, Identification and Reporting: Training & Education
Abuse Prevention, Identification and Reporting: Training & Education
 
CAPM study session 4
CAPM study session 4CAPM study session 4
CAPM study session 4
 
CAPM Study Session 3
CAPM Study Session 3CAPM Study Session 3
CAPM Study Session 3
 
CAPM Study Session 2
CAPM Study Session 2CAPM Study Session 2
CAPM Study Session 2
 
CAPM Exam Study Session 1
CAPM Exam Study Session 1CAPM Exam Study Session 1
CAPM Exam Study Session 1
 
Lesson 2 making rules
Lesson 2 making rulesLesson 2 making rules
Lesson 2 making rules
 
Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813
 
What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813What is a cybersecurity assessment 20210813
What is a cybersecurity assessment 20210813
 
Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813Intro to cybersecurity concepts 20210813
Intro to cybersecurity concepts 20210813
 
Lesson 8 safety
Lesson 8 safetyLesson 8 safety
Lesson 8 safety
 
My career interest
My career interestMy career interest
My career interest
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Noida 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

Access Control and Maintenance.pptx

  • 1. Cybersecurity Families and Controls Part 1 – Access Control AND Part 2 – Maintenance 1
  • 3. According to Microsoft, Access Control is defined as: “…an essential element of security that determines who is allowed to access certain data, apps, and resources—and in what circumstances. Access control policies protect digital spaces. Access control lets the right people in and keeps the wrong people out. Access control policies rely heavily on techniques like authentication and authorization, which allow organizations to explicitly verify both that users are who they say they are and that these users are granted the appropriate level of access based on context such as device, location, role, and much more. Access control keeps confidential information—such as customer data and intellectual property—from being stolen by bad actors or other unauthorized users. It also reduces the risk of data exfiltration by employees and keeps web-based threats at bay. Rather than manage permissions manually, most security-driven organizations lean on identity and access management solutions to implement access control policies. What is Meant by the Term Access Control?
  • 4. Access Control is one of the most critical control families because it ensures all of your IT systems have adequate protection surrounding access to that information system. Unauthorized system access always precedes cyber incidents so making a solid security posture regarding access controls a must. The Access Control family itself is geared toward ensuring a system’s technical security implementations meet a minimum best practice standard for operation and certifies your network has access and account management practices in place to manage access provisioning and user account controls appropriately. Sufficiently meeting each of the controls listed in the Access Control family shows any auditor or inspector that your network identifies and authorizes legitimate users of the system while protecting against unauthorized access and system compromise. Access control is important because it minimizes company risk, but it can also be a big part of regulatory compliance. Meeting your company’s compliance needs is a significant factor in choosing an access control system. Why is Access Control Important?
  • 5. Here is a full listing of controls inside of the “Access Control” control family: AC-1 ACCESS CONTROL POLICY AND PROCEDURES AC-2 ACCOUNT MANAGEMENT AC-3 ACCESS ENFORCEMENT AC-4 INFORMATION FLOW ENFORCEMENT AC-5 SEPARATION OF DUTIES AC-6 LEAST PRIVILEGE AC-7 UNSUCCESSFUL LOGON ATTEMPTS AC-8 SYSTEM USE NOTIFICATION What Controls are Part of the Access Control Family? 1 of 3
  • 6. Here is a full listing of controls inside of the “Access Control” control family: AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION AC-10 CONCURRENT SESSION CONTROL AC-11 SESSION LOCK AC-12 SESSION TERMINATION AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION AC-16 SECURITY ATTRIBUTES AC-17 REMOTE ACCESS AC-18 WIRELESS ACCESS What Controls are Part of the Access Control Family? 2 of 3
  • 7. Here is a full listing of controls inside of the “Access Control” control family: AC-19 ACCESS CONTROL FOR MOBILE DEVICES AC-20 USE OF EXTERNAL INFORMATION SYSTEMS AC-21 INFORMATION SHARING AC-22 PUBLICLY ACCESSIBLE CONTENT AC-23 DATA MINING PROTECTION AC-24 ACCESS CONTROL DECISIONS AC-25 REFERENCE MONITOR NOTE: In NIST SP 800-53 Rev. 5, AC13-SUPERVISION AND REVIEW, and AC15-AUTOMATED MARKING were incorporated into other controls. What Controls are Part of the Access Control Family? 3 of 3
  • 8. Role-Based Access Control (RBAC) Role-based access control attributes permissions to a user based on their roles/duties/business responsibilities. As the most common access control system, RBAC determines access based on your role in the company—ensuring lower-level employees aren’t gaining access to high-level information unnecessarily. Mandatory Access Control (MAC) Mandatory access control is the most secure type of access control. Only owners and custodians have access to the systems. All the access control settings are preset by the system administrator and can’t be changed or removed without his or her permission. What are the Most Common Types of Access Control Systems?
  • 9. Discretionary Access Control (DAC) With a discretionary access control, the data owner of the company can decide how many people have access to a specific location. Each access control point has a list of authorized users. Every time a keycard is swiped, a PIN is punched, or a fingerprint is scanned, the system checks the credential against the list and either allows or denies access based on the previously set allowances. Rule-Based Access Control (RBAC) Not to be confused with the other “RBAC,” rule-based access control is commonly used as an add-on to the other types of access control. In addition to whatever type of access control you choose, rule-based access control can change the permissions based on a specific set of rules created by the administrator. What are the Most Common Types of Access Control Systems?
  • 10. Choosing the type of access control system that is most suitable for your organization, there are a number of factors involved. Some of those factors include the nature of your business, security procedures within the organization, and the number of users on the system. Places of business with small or basic applications will probably find Discretionary Access Control to be less complicated and better utilized. If, however, you have highly confidential or sensitive information on your business platform, a Managed Access or Role-Based Access Control system are two options you may want to consider. How to Choose the Correct Access Control System for Your Business?
  • 11. Develop an Access Control Policy - It’s prudent to begin by developing access control policies to manage everyone using business facilities and systems. Start by collecting data on human behavior at work and the facilities they frequently access. It will form a baseline to launch the access control program. Establish Layered Defenses - The underlying technology in access control devices can easily be cracked and expose your organization. It is a best business practice to add more security layers to handle breach attempts in access control systems. Integrate Access Control Into Internal Management Systems - Businesses that use different technologies to support their operations are prone to internal and external breaches. To mitigate these threats, another best practice to implement is to integrate access control to consolidate systems functions and monitor real-time activities within your network. Tip and Best Practices to Support Your Access Control Implementation 1 of 3
  • 12. Centralize Access Control Management - Centralization of access control allows you to design a security layout for your Enterprise. It’s one way to pinpoint potential risks and create countermeasures to mitigate your exposure. Also, it works as a data collection point for your business, which can be helpful for decision-making purposes. Training And Development - Technology is forever evolving and users must keep up with the frequent changes. So as a best practice you should periodically conduct training and development for your staff to enhance security in your business processes. Frequently Audit And Upgrade Access Control Software - It’s crucial to audit your access control management and continuously improve the infrastructure. You might spot gaps in your systems that make you vulnerable to attacks. You should retire obsolete access control technology and replace it with a new and improved one. Tip and Best Practices to Support Your Access Control Implementation 2 of 3
  • 13. Protect Passwords - Your organization should have management tiers with designated authority to access business information. Authorized personnel should use or have unique credentials and passwords to access your systems and must protect them at all costs. Block and/or Delete Invalid and Dormant Accounts - Labor turnover and changes in roles happen all the time in business. Retaining such user accounts is risky and may lead to security breaches in your network. Blocking or deleting unused accounts within your IT backup systems is crucial. In summary, Access Control (AC) is one way to insulate your business from potential breaches or electronic attacks. It is a multi-functional tool to manage people and monitor activities within your organization. Installing AC systems requires an analytical review of your business operations and the exposure risks you face in the digital age. AC systems help you develop measures such as user policies incorporating best practices to access control. Tip and Best Practices to Support Your Access Control Implementation 3 of 3
  • 15. Like all electronic devices (from a car to a dishwasher), in order to function properly, computers need maintenance. And based on its importance and complexity, computer equipment maintenance requires special attention. When approaching the different types of IT maintenance, two aspects must be considered: 1) The term “maintenance” includes both hardware and software of the computer. Both are very important and will decisively influence the operation of the system. 2) Various types of maintenance can work simultaneously. In the case of corrective maintenance, it will act if the predictive maintenance or preventive maintenance are not able to anticipate the problem. What is Meant by the Term IT Maintenance?
  • 16. Early Detection of Issues - Maintenance checks and regular upkeep helps detect issues early and pinpoint the potential threats to the IT network, computers, and servers. When it comes to computer systems, even the smallest system issues could leave the door open for breaches and bigger potential faults. Regular maintenance can point out these small IT system problems and eradicate them before they get out of control. Viruses and Malware Prevention - There are numerous types of malware out there just waiting to infect systems and cause security and confidentiality issues, data leakage and system crashes. Preventing cyberattacks is tricky because each attack and malware is different. Therefore, it is extremely important to protect the corporate network instead of waiting around to deal with consequences. Faster Loading Times - System maintenance is a great way to speed up all your IT systems and computers and improve processing times. IT maintenance services can identify issues to help optimize system performance so your devices load faster. This includes fragmenting computer files, removing malicious code, updating outdated software, patching security gaps, etc. Why is Maintenance Important? 1 of 2
  • 17. Maximize Software Efficiency - Includes installment of software updates to their latest version and installment of new patches, whenever such are available. Cyber criminals are always targeting system and software weaknesses. A good IT maintenance program provides updates for each software package during regular maintenance. This practice helps your software programs run at their best. Prevent Data Loss - No matter if you work with lots of files, personal info, or/and sensitive information, no organization is safe from data loss. Data loss is typically caused by a system reboot, malware, viruses, or hacker attacks. Regular computer maintenance lowers the risks by ensuring all network systems are checked and all firewalls, antivirus software, and computer applications are working as expected. Documenting IT Concerns - Keeping track of past, potential and ongoing issues is very important. Effective IT maintenance programs mandate the documentation of even minor system malfunctions, server outages, and potential threats to the computer system. Documenting preventive maintenance and analyzing network architecture is a game-changer. Having every technical aspect of your business monitored is a superb way to keep work computers and technology at their optimal condition. Why is Maintenance Important? 2 of 2
  • 19. Preventive Maintenance - Is a very frequent type of maintenance carried out in order to prevent possible failures and improve the functioning of a system. Preventive Maintenance can also extend the useful life of the different components of your IT system, and decreases the number and length of system downtimes. It can reduce the number of repairs and detect weak points in the system that might affect its operation. Predictive Maintenance - Is a type of maintenance that is carried out using diagnostic tools, in order to anticipate possible failures and to try to avoid them before they occur. One of the most effective ways in which predictive maintenance is carried out is through the monitoring of computer systems using tools such as monitoring software. This practice helps to control all different types of variables, such as the temperature of the CPU or battery levels. What are the Different Types of Maintenance? 1 of 2
  • 20. Corrective Maintenance - Is a practice that must be applied when the predictive and preventive maintenance have not worked properly or when these have not been able to avoid the failure. When a computer or system fails (for example due to a hardware failure) you want it to be operational again and as quickly and efficiently as possible, the process to do this will include repairing or replacing the device. One of the considerations to be made regarding corrective maintenance is to not only solve the failure, but also determine what was the cause of it in order to find the possible repercussions that may have affected other parts of the system. You also want to try to prevent it from happening again in the future. Evolutionary Maintenance – Is a type of maintenance not meant to correct or prevent possible failures, but to research and evolve your computing resources to the latest technologies that are available. Technology is always evolving, and that means that the tools available and the needs of users also change constantly. Evolutionary maintenance helps ensure computer systems do not become obsolete or updated in order to offer users the best technology options within your organization. What are the Different Types of Maintenance? 2 of 2
  • 22. Software Maintenance - is the process of changing, modifying, and updating software to keep up with customer needs. Software maintenance is done after the product has launched for several reasons including improving the software overall, correcting issues or bugs, to boost performance, and more. It is a natural part of SDLC (software development life cycle). Software developers don’t have the luxury of launching a product and letting it run, they constantly need to be on the lookout to both correct and improve their software to remain competitive and relevant. Using the right software maintenance techniques and strategies is a critical part of keeping any software running for a long period of time and keeping customers and users happy. What is Software Maintenance?
  • 23. Software maintenance is needed for several reasons: 1) Correction of ‘Bugs’ - The most important reason to conduct software maintenance is to correct errors or 'bugs'. It is very important that the software works without problems. This process contains the search for errors in the code and their correction. 2) Improving Opportunities for a Changing Environment - This is important for improving the current functions and for making the system compatible for changing the environment. It extends the capabilities of programs, work patterns, hardware upgrades, compilers, and all other aspects that affect the workflow of the system. Why is Software Maintenance Important? 1 of 2
  • 24. 3) Remove Obsolete Functions - Functionalities that are no longer used in the software actually reduce the efficiency of the system. Therefore, the removal of obsolete functions is necessary. Unused user interface and coding elements are removed and replaced with new functions using the latest tools and technologies. This change makes the system adaptive to changing circumstances. 4) Performance Improvement - Improving system performance in order to meet new requirements. Data and encoding constraints as well as reengineering are part of software maintenance. This minimizes the chances of the software being vulnerable. Why is Software Maintenance Important? 2 of 2
  • 25. Corrective Maintenance - Is the typical, classic form of maintenance (for software and anything else for that matter). Corrective software maintenance is necessary when something goes wrong in a piece of software including faults and errors. If a company can recognize and take care of faults before users discover them, this is an added advantage that will make your company seem more reputable and reliable. Preventive Maintenance - Is looking into the future so that your software can keep working as desired for as long as possible. This includes making necessary changes, upgrades, adaptations and more. Preventative software maintenance may address small issues which at the given time may lack significance but may turn into larger problems in the future. These are called latent faults which need to be detected and corrected to make sure that they won’t turn into effective faults. What are the Different Types of Software Maintenance? 1 of 2
  • 26. Perfective Maintenance - Once the software is released to the public, new issues and ideas come to the surface. Users may see the need for new features or requirements that they would like to see in the software to make it the best tool available for their needs. Perfective software maintenance aims to adjust software by adding new features as necessary and removing features that are irrelevant or not effective in the given software. This process keeps software relevant as the market, and user needs, change. Adaptive Maintenance – Involves the changing technologies as well as policies and rules regarding your software. These include operating system changes, cloud storage, hardware, etc. When these changes are performed, your software must adapt in order to properly meet new requirements and continue to run well. What are the Different Types of Software Maintenance? 2 of 2