- Trending Categories
- Data Structure
- Operating System
- MS Excel
- C Programming
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What is an Access Control in Information Security?
Access Control is an approach of security that controls access both physically and virtually unless authentication credentials are supported. Access control generally defined restricting physical access to a facility, building or room to authorized persons. This can be used to be enforced generally through a physical security guard.
An Access Control system generally involves locked gates, doors or barriers which can be opened using identity authentication approaches such as RFID access cards, pin codes, face recognition, finger prints or smartphones to enable entry to a building or specific area.
Access control includes data and physical access protections that strengthen cybersecurity by handling user authentication to systems. Managing access defines setting and enforcing suitable user authorization, authentication, role-based access control policies (RBAC), attribute-based access control policies (ABAC).
An Access Control system enables complete control of which users have access to different areas. Because authorisation is given, an employee can access some areas they required for their job. Using a key card or inputting a PIN for instance, the employee can access multiple doors, gates & barriers, or designated routes with ease.
Access control evolved into the authentication, authorization and audit of a user for a session. Access control authentication devices evolved to contains id and password, digital certificates, security tokens, smart cards and biometrics.
RBAC is generally found in government, military and multiple enterprises where the role definitions are well defined, the pace of change is not that quick and the supporting human resource environment is capable of maintaining up with changes to an identity their roles and privileges.
Access control is the procedure by which users are identified and granted specific privileges to information, systems, or resources. Understanding the element of access control is essential to understanding how to handle proper disclosure of information.
Access control is the ability to allow or deny the use of a specific resource by a specific entity. Access control structure can be used in handling physical resources (including a movie theatre, to which only ticket-holders must be admitted), logical resources (a bank account, with a limited number of people authorized to create a withdrawal), or digital resources. Digital resources involves a private text files on a computer, which only specific users should be able to read.
Today, in the age of digitization, there is a convergence among physical access control and computer access control. Modern access control (generally defined in the market as “identity management systems”) support an integrated set of tools to manage what a user can create physically, electronically and virtually and supporting an audit trail for the long period of the user and their interactions with the enterprise.
- Related Articles
- What is Mandatory access control in information security?
- What is the objectives of Access Control in information security?
- What is a Visitor Control in Information Security?
- What is an Enterprise database security in information security?
- What is an Information Security Metrics?
- What is an application gateway in information security?
- What is an Encryption key in Information Security?
- What is information classification in information security?
- What is Physical Security in information security?
- What is Security Management in Information Security?
- What is Database Security in information security?
- What is Security Model in information security?
- What is an Intrusion Detection System in information security?
- What is an Intrusion Prevention System in information security?
- What is an Application-level Firewalls in information security?