Please enable JavaScript.
Coggle requires JavaScript to display documents.
10.4.5 (Remote Access Security (Remote access risk includes the following:…
10.4.5
Remote Access Security
In providing this capability, a variety of methods and procedures are available to satisfy an organization’s business need for this level of access.
Remote access users can connect to their organization’s networks with the same level of functionality that exists within their office.
-
-
-
AUTHORIZATION ISSUES
Access control
The authorization process used for access control requires that the system be able to identify and differentiate among users. :point_up_2: :boy: :boy::skin-tone-2: :boy::skin-tone-3: :boy::skin-tone-4:
-
often based on least privilege, which refers to the granting to users of only those accesses required to perform their duties :cake:
Access should be on a documented need-to-know and need-to-do basis by type of access. :black_square_for_stop:
When IS auditors review computer accessibility, they need to know what can be done with the access and what is restricted.
Access Control Lists
To provide security authorizations for the files and facilities listed previously,
logical access control mechanisms use access authorization tables, also referred to as access control lists (ACLs) or access control tables.
refer to a register of:
• Users (including groups, machines and processes) who have permission to use a particular system resource
-
-
-
PA&ISAEMSN
policy identification & authentication standards authorization encryption management of sys. and Net
-