Access Controls: Physical and Logical Security Measures for Protecting Assets, Slides of Business Management and Analysis

An overview of access controls, their importance in securing physical and logical assets, and different types of access controls. It covers physical controls such as biometric devices, security guards, and locks, and logical controls like firewalls, encryption, and passwords. The document also discusses aligning risks and controls, authorization vs. Authentication, auditing access controls, and issues affecting risks.

Typology: Slides

2011/2012

Uploaded on 12/20/2012

devashish
devashish 🇮🇳

4.3

(24)

111 documents

1 / 13

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Access Controls
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd

Partial preview of the text

Download Access Controls: Physical and Logical Security Measures for Protecting Assets and more Slides Business Management and Analysis in PDF only on Docsity!

Access Controls

What are access controls?

  • Controls that provide security against internal and external threats
  • 2 Types of access controls:
    • Physical controls
    • Logical controls

Examples of Physical controls

  • Biometric devices
  • Security guards
  • Locks and keys
  • Surveillance
  • Alarm system

Logical Assets

  • Servers and their operating systems
  • Network systems
  • Database systems or file systems
  • Users Applications
  • Communication systems
  • Online Reports
  • Audit logs

Aligning risks and control

Level of protection (^) Level of Risk

Authorization vs. Authentication

Issues affecting risks

  • Size of the system
  • Complexity
  • Local vs. Remote
  • Wireless Technologies
  • Shared files and databases
  • Changes to infrastructure

Test of Controls

  • Penetration tests
  • Monitor controls
  • Review controls

Risk monitoring tactics

  • Number of external intrusion attempts
  • Number of internal unauthorized attempts
  • Number of security incidents caused by unauthorized access
  • Number of entitlement reviews not in compliance