Ensuring sufficient security of information and information systems is an important responsibility of any organization’s management. Access control deals with establishing the permitted activities of authentic users and facilitating each attempt by a user to access resources in the system (Hu, Ferraiolo, and Kuhn 1). Companies intending to implement an access control system need to consider access control policies, models, and mechanisms. Access control policies are requirements that specify how access is controlled and the circumstances under which a person can access information (Hu, Ferraiolo, and Kuhn 4).
Deliberate sharing of information is the major function of information systems. However, techniques for controlling access to information, unlike data, are yet to be fully developed, especially in relation to major decisions concerning the kind of information users can access, when, and under what conditions. This paper presents the case for access control to be clearly incorporated into models of information behavior, particularly as they are connected to access to information on the relatively unregulated Internet (Watters and Ziegler 268).
Several firms have been victims of cyber-attacks that resulted in breaches of confidential data (Beckett and Graf 18). Most companies have recognized that information security represents a critical risk that requires careful management. However, putting controls over information security into effect involves many challenges, particularly for organizations that lack the required IT resources. A number of security measures have been found to be effective in creating control over information security. Implementing access control helps ensure that only authorized people are allowed to access critical areas of information (Beckett and Graf 18).
Physical access controls involve restricting access to the areas where the organization’s server is kept with a lock or access code. It is important to use encrypted mass storage devices (Beckett and Graf 18). Logical access controls are tools and protocols used in identifying, authenticating, and authorizing computer information system users, including software programs. There are several ways of guarding and managing sensitive information during every step of data flow in an organization. When receiving data, the important factors to consider are the type of information the firm gathers, whether it contains data that should be protected, and whether it can be redacted or modified to delete sensitive information before the organization receives it (Beckett and Graf 19). In transmitting data, an organization should consider the way information is provided to and received from clients. Sending sensitive information electronically requires the use of an encrypted or password-protected email or a secure client portal. An organization should implement logical access control in the areas where sensitive information is stored, such as servers, electronic storage devices, print drivers, and email servers. Data destruction requires the use of a document shredder to destroy old work papers or a program that can wipe a hard drive to delete all electronic files completely. In data retention, organizations should not keep information longer than the required period. A firmwide record-retention period should be adopted, and firm work papers should be destroyed according to the selected period for the applicable documents (Beckett and Graf 19).
A condition of access control is considered safe if no permission can be disclosed to an unauthorized party. To ensure the safety of an access control system, it is important to make sure the access control model does not disclose authorizations to unsanctioned people. Various software tools are created to help prevent or detect intruders in an organization’s network. For example, firewalls are crucial techniques for keeping a computer secure from invaders. A firewall permits or blocks traffic into or out of a private network depending on given security measures (Beckett and Graf 19).
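The safety condition above can be checked mechanically. The following is an added example, not taken from the cited sources: it assumes a simple delegation model in which a holder may pass a permission only along listed delegation edges, and all subject, object, and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data (not from the essay). Keys are (object, permission).
HOLDERS = {("payroll.db", "read"): {"alice"}, ("payroll.db", "write"): {"alice"}}
# Assumed delegation model: who may pass each permission on to whom.
DELEGATION = {("payroll.db", "read"): {"alice": ["bob"], "bob": ["contractor"]}}
# Policy: the only subjects that may ever hold each permission.
AUTHORIZED = {("payroll.db", "read"): {"alice", "bob"},
              ("payroll.db", "write"): {"alice"}}


def reachable_holders(holders, edges):
    """Map every subject that can end up with a permission to the
    delegation path that gets it there (breadth-first, cycle-safe)."""
    paths = {s: [s] for s in holders}
    queue = deque(holders)
    while queue:
        giver = queue.popleft()
        for receiver in edges.get(giver, ()):
            if receiver not in paths:          # first (shortest) path wins
                paths[receiver] = paths[giver] + [receiver]
                queue.append(receiver)
    return paths


def find_leaks(holders, delegation, authorized):
    """Return (object, permission, subject, path) for each subject that can
    obtain a permission without being authorized. An empty list means the
    configuration is safe under this model."""
    leaks = []
    for key in sorted(holders):
        allowed = authorized.get(key, set())   # no policy entry: deny all
        paths = reachable_holders(sorted(holders[key]), delegation.get(key, {}))
        for subject in sorted(paths):
            if subject not in allowed:
                leaks.append((key[0], key[1], subject, paths[subject]))
    return leaks


if __name__ == "__main__":
    for obj, perm, subject, path in find_leaks(HOLDERS, DELEGATION, AUTHORIZED):
        print(f"UNSAFE: {subject} can obtain {perm} on {obj} via {' -> '.join(path)}")
```

In the sample data the direct grants look correct, yet the configuration is unsafe because `bob` may delegate `read` onward; removing that edge makes `find_leaks` return an empty list.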
Beckett Ference, Sarah, and Nickolas Graf. “Controlling Your Data.” Journal Of Accountancy 222.2 (2016): 18-20. Business Source Complete. Web. 17 Aug. 2016.
Watters, Paul A., and Jacqueline Ziegler. “Controlling Information Behaviour: The Case For Access Control.” Behaviour & Information Technology 35.4 (2016): 268-276. Library, Information Science & Technology Abstracts. Web. 17 Aug. 2016.
Hu, Vincent C., David Ferraiolo, and D. Richard Kuhn. Assessment of Access Control Systems. US Department of Commerce, National Institute of Standards and Technology, 2006.