Shabib

Roll no 52

Access control design

Access control is a security technique that regulates who or what can view or
use resources in a computing environment. It is a fundamental concept in
security that minimize risk to the business or organization.

There are two types of access control: physical and logical. Physical access
control limits access to campuses, buildings, rooms and physical IT assets.
Logical access control limits connections to computer networks, system files
and data.

Why is access control important?

The goal of access control is to minimize the security risk of unauthorized
access to physical and logical systems. Access control is a fundamental
component of security compliance programs that ensures security technology
and access control policies are in place to protect confidential information
such as customer data. Most organizations have infrastructure and
procedures that limit access to networks, computer systems, applications, files
and sensitive data, such as personally identifiable information (PII) and
intellectual property.

How access control works

These security controls work by identifying an individual or entity, verifying
that the person or application is who or what it claims to be, and authorizing
the access level and set of actions associated with the username or Internet
Protocol (IP) address. Directory services and protocols, including Lightweight
Directory Access Protocol (LDAP) and Security Assertion Markup Language
(SAML), provide access controls for authenticating and authorizing users and
entities and enabling them to connect to computer resources, such as
distributed applications and web servers.

Challenges of access control

Many of the challenges of access control stem from the highly distributed
nature of modern IT. It is difficult to keep track of constantly evolving assets as
they are spread out both physically and logically.