IT Security for Individuals and Organizations
Risk Assessment Identifying the threats
The best way to prevent computer security breaches is by first understanding potential risks that are out there. Risk assessment surveys are great ways of identifying the risk an individual or organization may come across. This will allow for threat levels to be placed on particular risk based off the likelihood of occurrence and the severity if they ever do take place. There are many methods and practices to help reduce the felt impact of a security breach. Everything from business continuity planning, which is a set of contingency plans in the event a security threat takes place or risk management practices that help speed up recovery operations. This attitude towards information technology is great, with that being said if we can prevent these breaches from ever happening in the first place and stay proactive everything else will just be a secondary line of precautions.
The first line of defense is perimeter security, which includes access control measures. Information security is much different from physical security, but the same principles do apply. According to Rouse M from Tech Target access control, when referring to IT is defined as “a security technique that regulates who or what can view or use resources in a computing environment.”( Rouse M, page 1 paragraph 1, Sep 2018) This, of course, is easier said than done. The real question is how to have a program open enough, but at the same time still have adequate security measures. The issue when you combine security and business is allowing an open but secure work environment. For example, what this means is the tighter security restrictions you have on access control the more difficult it is to conduct business but results in better incident response. On the other hand the more open your access control measures are the less secure your information will be and in theory it will be easier to conduct business. This is usually covers the bases of needs for an individual or organization.
Types of Access Control Measures
Luckily there is a variety of options out there. Based on the information being shared and stored, it usually determines the level of security. In physical security access, control is designed to concentrate traffic to a limited number of areas equipped with barriers guards lighting systems CCTV devices etc. The key point is access must be granted by security personnel once the proper credentials are confirmed. Going back to access control in the IT world, it is the same concept consisting of two main factors authentication and authorization. For many of us single sign on access control measures are generally all we need. An SSO will allow us to access multiple pieces of information using one password and username combination. An SSO leans more towards the openness over the security aspect of IT security making it not recommended for protecting sensitive information.
Mandatory Access Control
For the individuals and organizations who want to lean more towards security over openness mandatory access control is a great option. For the people right in the middle, discretionary access control may be for you. It gives the control to the system administrators. What this means is the system can be tailor made by the administrator to better fit their needs. It is important to first understand the risks that are out there through risk assessment practices identify the potential risk that are most likely to take place will help set up the foundation for preventive security measures. Through the use of access control; who, when, what, where, and how information is being transported, can all be regulated based on the needs of the individual or organization making access control the first line of defense.