The Dynamism of Access Control

2713 Words11 Pages
Heterogeneous and dynamic environments creates a need for a viable access control system in such a way that the security of data and information will be solidly ensured. Organizations have various types of resources that need access regulation. The purpose of which is to make sure that only the intended can access the resources while keeping the unauthorized person out of the loop. Even at that, hierarchy, type and the degree of task delegated to a user will determine the level of access that he or she will be granted. For example, a user with role “accountant” normally has different access rights than user with role “supervisor”. The sensitivity of resources is directly proportional to the security level mounted upon the resources and likewise the degree of access. Many challenges are witnessed during the course of implementing access control mechanism in information security, and all of them cannot be dealt with equally. This development introduced threat to information security which consequently sets in the requirement for appropriate countermeasures in ensuring risk of losing sensitive and important data into the hands of unauthorized users are mitigated. In this paper, the role played by the access control models in dictating the path in granting or denying specific access requests will be investigated in a dynamic information security environment. Current researches studies many methodologies and appreciations for the evaluation and implementation of protection and controls with information privacy [4]. However, since access control application is a major factor in information system security, there is a need for building a dynamic access control policy. These policies form the certificatory, regulatory and, legislator requ... ... middle of paper ... ... the audit data collection and organization, and analysis of the data to unravel security and access control policies violation (Lunt, 1993; Mukherjee, Heberlein & Levitt, 1994). Consequently, audit data requires additional protection from modification by an attacker or intruder. But incidentally, analysis of audit data are in most case performed whenever a foul-play is suspected. Intrusion Detection System (IDS) is one of the key tools that seeks to help perform access control audit. Today, access control audit is inevitable, mostly in IT industry. Seeing the recent database usage increase, growth of networks access points (most especially in remote connectivity), and rate at which wireless technologies evolve, it is absolutely essential to assess the efficiency of the available access control mechanism to verify the alignment of protection-level to the risk-level.

More about The Dynamism of Access Control

Open Document