Controls over Access to Information Systems
Information systems contain important data - so it makes sense to restrict user access. How is this done?
Control Access to What?
Businesses need to control access to:
- Operating system facilities
How is It Achieved?
Control over access to an information system is achieved by using a logical access system. Such a system:
- Requests details of the identification of the user (e.g. by requesting a username and password)
- Checks whether the user has the authority to access the system
- Authenticates the user and allows access
Effective control ensures that staff have appropriate access to information and applications, and do not abuse it.
Management issues, such as periodic reviews of user accounts, can apply as much to IT systems as to physical access control systems. Confidentiality of information is best achieved by ensuring that people only have access to the information they actually need.
If access rules are too detailed, managing them will be very difficult. If they are too general, people will have access to information or applications that they will never need. A balance must be struck depending on:
- Needs of the business
- Security features provided by the systems
- Trust in staff
Consideration of security issues during system design, development and procurement will greatly enhance effectiveness. Look for:
- Strong password enforcement
- Management of access rights to read, amend, process or delete information
- Analysis of what users require to do their job
- Analysis of the security features each system can provide
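
A periodic review of access rights, as an added example that is not part of the original page: it compares the read, amend, process and delete rights each user holds with the rights actually exercised during a review period, and flags rights that were never used as well as attempts to use rights that were never granted. The user names, resources and log entries are constructed sample data, and `review_access` is a hypothetical helper.

```python
from collections import defaultdict

# Constructed sample data: rights granted to each (user, resource) pair.
GRANTS = {
    ("asmith", "payroll"): {"read", "amend", "process", "delete"},
    ("asmith", "sales_ledger"): {"read"},
    ("bjones", "payroll"): {"read"},
    ("cpatel", "sales_ledger"): {"read", "amend"},
}

# Constructed access log for the review period: (user, resource, right used).
ACCESS_LOG = [
    ("asmith", "payroll", "read"),
    ("asmith", "payroll", "amend"),
    ("bjones", "payroll", "read"),
    ("bjones", "payroll", "delete"),  # attempted without a matching grant
    ("cpatel", "sales_ledger", "read"),
    ("cpatel", "sales_ledger", "amend"),
]


def review_access(grants, log):
    """Return (unused, ungranted) rights, each keyed by (user, resource)."""
    used = defaultdict(set)
    for user, resource, right in log:
        used[(user, resource)].add(right)

    # Rights held but never exercised: candidates for removal at review.
    unused = {}
    for key, granted in grants.items():
        extra = granted - used.get(key, set())
        if extra:
            unused[key] = extra

    # Rights exercised or attempted without a grant: follow up with the user.
    ungranted = {}
    for key, rights in used.items():
        missing = rights - grants.get(key, set())
        if missing:
            ungranted[key] = missing
    return unused, ungranted


if __name__ == "__main__":
    unused, ungranted = review_access(GRANTS, ACCESS_LOG)
    for (user, resource), rights in sorted(unused.items()):
        print(f"REVIEW  {user} on {resource}: never used {sorted(rights)}")
    for (user, resource), rights in sorted(ungranted.items()):
        print(f"ALERT   {user} on {resource}: no grant for {sorted(rights)}")
```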