Access control in relation to risk
Access control in relation to risk, threat and vulnerability:-
Risk is defined to be an activity of finding threat full methods and weakness getting access to destroy assets.
It is defined to be a space or weakness in system’s security that helps to find threats and obtain access to unintended people. It can be useful for cyber hackers to get access for content into a system of an organization even though they are unauthorized to do so.
Threats can be anything which is present interior to the system or exterior, whether happens coincidentally or in an accident manner and may destroy security of organization.
Access control and its relation to the above defined factors:-
Access control to any organization is helpful to minimize the potential risks to the organization by prevention of ways possible vulnerabilities attacking the system.
Risk is nothing but function of threats exploiting weakness to destroy assets, thus threats might exist but if the vulnerabilities are less then there a chance of very less risk .In a similar manner if the system is vulnerable and we have no or little threat, we have little risk
Access control eliminates Vulnerabilities by the following ways:
• Encrypting URL content , data
• Maintenance and creating time out sessions
• Encrypting data in the database itself so that no one can fetch the data by using simple SQL injection queries
Access control eliminates threats by following methods:
• Verifying digital signatures in the web pages
• Parsing each HTTPS requests in order to verify the previously logged in user.
• Using the IP address or location of person who is trying to authenticate.
The Relation between Access control and its Impact on CIA:
CIA describes the major foundation security elements of any organization.
Relation with confidentiality:
It is securing the secret or privacy of credentials on the server or cloud. Data confidentiality should be addressed whether the data is stored, rest and transported in the cloud or in the premises of data center. Data kept in the cloud or data center should be fully encrypted to prevent unauthorized access. In this way, access control helps an organization in maintaining this factor.
Relation with Availability:
This factor is ensuring that application is always available for intended user to access their personal data.
Access control helps the user in authenticating from anywhere around the globe at any time. It helps user getting access to any confidential data of the organization. Cyber-attacks may threaten the application security being available for all the time. In order to prevent that appliance protection should be implemented to prevent from cyber-attacks.
Relation with Integrity:
Integrity promises that a particular application is working as intended and the secret data is available to intended users only. Development operations team need to create and ensure security of all their applications data and also have the control of managing changes so that unintended changes won’t impact this factor in any way in an application.
Access control and its importance within info security: