The most common types of systems access controls
Access control requires unique user identification, emergency access procedure, automatic log-off, and encryption and decryption of data. To maintain the confidentiality, integrity and availability of data, it is important to control access to the information system. Controls prevent unauthorized users from accessing the system and/or altering data. They also prevent authorized users from making unauthorized changes to data. Common examples are user-based, role-based and context-based access control, with context-based access control providing the strongest security.
Controls placed on access are categorized in three ways: preventive, detective, or corrective. The key to access controls is declaring who you are before entering a system and having the system verify that you are allowed access. This is known as identification and authentication. There are different ways to authenticate users, such as: PIN, password, phrase, pass code, ATM, token, smart card, fingerprint, retina, etc.
Access controls work by identifying and authenticating a user in the system, then authorizing the user to use, see or access an application or data, and finally accounting for what they are doing.
Three symptoms/indications of inadequate systems security protection.
• Inadequate policies, procedures, and culture governing control system security.
Security begins with a culture and mindset of all those involved. “There is a tendency to think of security in terms of a technical solution: firewalls, passwords, etc. While those elements may cover 20% of the overall solution, common sense approaches to security implemented by plant personnel should make up the remaining 80%.”
• Remote access without appropriate access control.
“User accounts should be set up to grant access and permission based on the defined role of the user (engineer, operator, maintenance technician, remote view-only connection, etc.). This follows the principle of minimal rights whereby users and computers are configured with the minimum set of access rights necessary to perform their role.”
• Inadequately secured wireless communication.
“Wireless security isn’t just a big issue for control systems, but for all uses, mainly because wireless is becoming so pervasive,” says Staggs. “It’s very easy to plug wireless in almost anywhere. However, you have to be able to find the signals and know if someone has put in a rogue point.”
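The sequence described earlier (identify and authenticate, authorize, account) combined with the role-based accounts recommended for remote access can be sketched as follows. This is an added example, not code from the original text: the role names come from the text, while the permission names, class and function names, users and passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Role names come from the text; the permission names are assumptions.
ROLE_PERMISSIONS = {
    "engineer": {"view", "acknowledge_alarm", "change_setpoint", "edit_logic"},
    "operator": {"view", "acknowledge_alarm", "change_setpoint"},
    "maintenance_technician": {"view", "run_diagnostics"},
    "remote_view_only": {"view"},
}

def _hash(password, salt):  # salted, slow hash so stored credentials resist guessing
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessController:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash, role)
        self.audit_log = []  # accounting: (username, action, outcome)

    def add_user(self, username, password, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt), role)

    def authenticate(self, username, password):
        """Identification and authentication: return the user's role, or None."""
        record = self.users.get(username)
        # Hash even for unknown users so response time does not reveal valid names.
        salt, stored, role = record or (b"\0" * 16, b"", None)
        ok = hmac.compare_digest(_hash(password, salt), stored)
        self.audit_log.append((username, "login", "ok" if ok else "denied"))
        return role if ok else None

    def request(self, username, password, action):
        """Authenticate, authorize against the role, and account for the attempt."""
        role = self.authenticate(username, password)
        allowed = role is not None and action in ROLE_PERMISSIONS[role]
        self.audit_log.append((username, action, "ok" if allowed else "denied"))
        return allowed

def demo():
    ac = AccessController()  # users and passwords below are constructed samples
    ac.add_user("alice", "sample-pass-1", "operator")
    ac.add_user("vendor", "sample-pass-2", "remote_view_only")
    attempts = [("alice", "sample-pass-1", "change_setpoint"),
                ("vendor", "sample-pass-2", "change_setpoint"),
                ("alice", "wrong", "view")]
    return [ac.request(*a) for a in attempts], ac.audit_log
```

Calling `demo()` returns the three decisions together with the audit log, which records denied attempts as well as granted ones so that the accounting step covers both.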