-
Essay / The Dynamism of Access Control - 2713
Heterogeneous and dynamic environments create the need for a viable access control system in such a way that data and information security is robustly ensured. Organizations have different types of resources whose access requires regulation. The goal is to ensure that only intended people can access resources while keeping the unauthorized person out of the loop. Even then, the hierarchy, type and degree of task delegated to a user will determine the level of access granted to them. For example, a user with the "accountant" role normally has different access rights than a user with the "supervisor" role. The sensitivity of resources is directly proportional to the level of security set on the resources as well as the degree of access. Many challenges are observed during the implementation of access control mechanism in information security, and not all of them can be addressed equally. This development has introduced a threat to information security, which therefore requires appropriate countermeasures to ensure that the risk of loss of sensitive and important data in the hands of unauthorized users is mitigated. In this article, the role played by access control models in dictating the path forward for granting or denying specific access requests will be investigated in a dynamic information security environment. Current research studies numerous methodologies and assessments for the assessment and implementation of protection and controls with information privacy [4]. However, the application of access control being a major factor in the security of information systems, it is necessary to build a dynamic access control policy. These policies constitute the certification, regulatory and legislative requirements...... middle of paper ...... the collection and organization of audit data, as well as the analysis of the data to disentangle the violations of security and access control policies (Lunt, 1993; Mukherjee, Heberlein & Levitt, 1994). Therefore, audit data requires additional protection against modification by an attacker or intruder. But incidentally, audit data analysis is in most cases carried out whenever a criminal act is suspected. The Intrusion Detection System (IDS) is one of the key tools for carrying out an access control audit. Today, access control auditing is inevitable, mainly in the IT sector. Given the recent increase in database usage, the growth of network access points (particularly in remote connectivity), and the speed at which wireless technologies are evolving, it is absolutely essential evaluate the effectiveness of the available access control mechanism to verify the alignment of the protection level. at the level of risk.