
1 Access Security IS3230

2 Name: Williams Obinkyereh
MSc. IT, Post Masters Software Engineering DSC (Doctor of Computer Science) Student. Contacts: Phone:

3 Introduction
- Class introduction
- Introduction of course syllabus
- Course summary
- Lab infrastructure (mock)
- Course plan
- Evaluation
- Academic integrity
- Discussion and questions about syllabus

4 Access Control Framework
Chapter 1 Access Control Framework

5 Goals
- Identify access control components
- Define stages of access control
- Define and understand authentication factors

6 10 Security Domains
The Common Body of Knowledge (CBK) defines 10 security domains:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security

7 Access Control
To control access to information so that organizations can maintain the confidentiality, integrity, and availability (CIA) of that information.

8 What is Access Control?
- Access is the ability of a subject to interact with an object, or the interaction between or among entities. Give examples.
- Access controls are rules for allowing or denying access: permissions or restrictions between and among entities.

9 Components of Access Control
- Policies: rules allowing access to resources
- Subjects: entities requesting access to a resource
- Objects: the resource
- Example: using an ATM
- Access control systems: policies, procedures, tools

10 Access Control Subject
- Authorized entity: has approved credentials
- Unauthorized entity: has no proper credentials or no privileges
- Unknown entity: no credentials, anonymous
- Students give examples.

11 Information systems subjects (Technology subjects)
- Networks
- Systems
- Processes
- Applications
- Explain by discussing inter-process communication.

12 Access Control Objects
- Information: any type of dataset
- Technology: applications, systems and networks
- Physical location
- Note: student discussion of objects.

13 Access control process:
- Identification: the assignment of a unique user ID
- Authentication: proof of identification
- Authorization: set of rights defined for subjects and objects (rules, privileges)
- Accounting: tracking the actions of subjects using objects. Example: what an authorized or an unauthorized user does on the system.

14 Authentication Mechanism
Authentication is proof of identity. How do you prove it? Use authentication mechanisms.
Authentication factors:
- Passwords
- Token/PIN
- Biometric
- Shared secret
- CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

15 Authorization
Set of rules defined for the subjects:
- Permissions
- Restrictions
- Students discuss and give examples.

16 Access Control Classification
- Logical access control
  - Logging into a system
  - What you are most likely doing
- Physical access control
  - Environmental
  - Most of the time not the responsibility of the IT department

17 Logical Access Control Criteria
- Who, What, When, Where, Why and How
- Group access controls: grouping of individuals based on some criteria to assign collective access.
- Advantage: simplifies the management of access control rules.
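
Added example (not part of the original slides): the ATM case from slide 9 carried through the four stages of slide 13, with the group-based rules of slide 17 and the three subject types of slide 10. The card numbers, PINs, group names and the atm_request function are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: subjects (cardholders) and their groups.
SALT = os.urandom(16)
CARDS = {  # identification: the card number is the unique subject ID
    "4000-0001": {"pin": pin_hash("4821", SALT), "group": "customers"},
    "4000-0002": {"pin": pin_hash("7310", SALT), "group": "closed_accounts"},
}
# Policy is attached to groups, not to individual cardholders.
# Each entry maps an allowed action to its per-request limit (None = no limit).
POLICY = {
    "customers": {"balance": None, "withdraw": 500},
    "closed_accounts": {},  # valid credentials but no privileges
}
AUDIT_LOG = []  # accounting: every decision is recorded, allow or deny

def atm_request(card: str, pin: str, action: str, amount: int = 0) -> str:
    """Run one request through identification, authentication, authorization."""
    subject = CARDS.get(card)                      # 1. identification
    if subject is None:
        decision = "deny:unknown-subject"
    elif not hmac.compare_digest(subject["pin"], pin_hash(pin, SALT)):
        decision = "deny:authentication-failed"    # 2. authentication
    else:
        rules = POLICY.get(subject["group"], {})   # 3. authorization
        if action not in rules:
            decision = "deny:not-authorized"
        elif rules[action] is not None and amount > rules[action]:
            decision = "deny:over-limit"
        else:
            decision = "allow"
    stamp = datetime.now(timezone.utc).isoformat()
    AUDIT_LOG.append((stamp, card, action, amount, decision))  # 4. accounting
    return decision

if __name__ == "__main__":
    print(atm_request("4000-0001", "4821", "withdraw", 200))
    print(atm_request("4000-0002", "7310", "balance"))
    print(atm_request("9999-9999", "1234", "balance"))
    for entry in AUDIT_LOG:
        print(entry)
```

Denied requests are logged as well as allowed ones, so the accounting stage shows what both authorized and unauthorized subjects attempted.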

18 Logical Access Control Objects
- Data element: security restriction on a data element
- Table: database table object
- Database
- Systems
- Operating system
- Network

19 Authentication Factors
Three levels of authentication factors:
- Something you know
- Something you have
- Something you are
Class discussion on authentication factors: What authentication factor will you use, and why? Can we combine two or more authentication factors?

20 Lab #1 Group Policy objects Assessment Work Sheet
Assess the impact control for Regulatory case Study

21 Assignments Complete Chapter 1 Assessment-Page 14 question 1 to 14.
Reading assignment: Read Chapters 1, 2 and 3 before the next class.

