controls over access to information systems

Information systems contain important data - so it makes sense to restrict user access. How is this done?

---

Control Access to What?

Businesses need to control access to:
Information
Computer applications
Operating system facilities

How is It Achieved?

Control over access to an information system is achieved by using a logical access system: such a system:

- Requests details of the identification of the user (e.g. by requesting a username and password)
- Checks whether the user has the authority to access the system
- Authenticates the user and allows access

Effective control ensures that staff have appropriate access to information and applications, and do not abuse it.

Management issues, such as periodic reviews of user accounts, can apply as much to IT systems as to physical access control systems. Confidentiality of information is best achieved by ensuring that people only have access to the information they actually need.

If access rules are too detailed, managing them will be very difficult. If they are too general, people will have access to information or applications that they will never need. A balance must be struck depending on:

Needs of the business
Security features provided by the systems
Trust in staff

Consideration of security issues during system design, development and procurement will greatly enhance effectiveness. Look for:

Strong password enforcement

Management of access rights to read, amend, process or delete information

Analysis of what users require to do their job

Analysis of the security features each system can provide

About tutor2u tutor2u is the leading global publisher of e-learning resources for Economics, Business, Politics, Enterprise, Law, Sociology, Religious Studies and related subjects. Our materials are used by over 3,500 schools and colleges in the UK and in educational institutions in over 85 other countries. tutor2u offers a range of free and subscription-based materials - designed to support teachers and inspire students. The business also runs a popular series of student revision workshops and teacher conferences. tutor2u was named Online Learning Resource of the Year at the prestigious BETT Show - the World's leading educational show.

Privacy & terms of Use Our privacy policy is published here: www.tutor2u.net/privacy.asp. The terms of use of this website are set out here: www.tutor2u.net/terms.asp. " tutor2u" is a registered trade mark. The information contained on this website is copyright Tutor2u Limited. All rights reserved

Contact us The sales team at tutor2u can be contacted by phone on 0844 800 0085. Orders can be faxed to 01937 529236. The office address is: Tutor2u Limited, Boston House, 214 High Street, Boston Spa, UK LS23 6AD   To contact tutor2u by email, please use this form: Tutor2u - Contact Form

Teacher Newsletters & Subject Blogs tutor2u publishes a variety of free teacher newsletters and blogs for our featured subjects. Teachers can access these materials here: Teacher Newsletters  A daily RSS feed for each of our free subject blogs can be accessed here