КАТЕГОРИИ:
Архитектура-(3434)Астрономия-(809)Биология-(7483)Биотехнологии-(1457)Военное дело-(14632)Высокие технологии-(1363)География-(913)Геология-(1438)Государство-(451)Демография-(1065)Дом-(47672)Журналистика и СМИ-(912)Изобретательство-(14524)Иностранные языки-(4268)Информатика-(17799)Искусство-(1338)История-(13644)Компьютеры-(11121)Косметика-(55)Кулинария-(373)Культура-(8427)Лингвистика-(374)Литература-(1642)Маркетинг-(23702)Математика-(16968)Машиностроение-(1700)Медицина-(12668)Менеджмент-(24684)Механика-(15423)Науковедение-(506)Образование-(11852)Охрана труда-(3308)Педагогика-(5571)Полиграфия-(1312)Политика-(7869)Право-(5454)Приборостроение-(1369)Программирование-(2801)Производство-(97182)Промышленность-(8706)Психология-(18388)Религия-(3217)Связь-(10668)Сельское хозяйство-(299)Социология-(6455)Спорт-(42831)Строительство-(4793)Торговля-(5050)Транспорт-(2929)Туризм-(1568)Физика-(3942)Философия-(17015)Финансы-(26596)Химия-(22929)Экология-(12095)Экономика-(9961)Электроника-(8441)Электротехника-(4623)Энергетика-(12629)Юриспруденция-(1492)Ядерная техника-(1748)
Text 3b
 |
PHYSICAL ACCESS CONTROLS.
Physical access controls in general have been well implemented in most information systems installations, with major focus on the central processing facility.
A network environment introduces the need to refocus attention on the following areas:
remote facilities, whether they be located in the same building with the central processing facility or in some other site; communication link components; common carrier provided access controls to the equipment, links and facilities through which organizational data must be transmitted; network control center facilities which house specialized network equipment for patching, monitoring, and testing network components; information center facilities which serve as focal points for assisting end – users in designing and implementing special departmental applications; user required materials such as operations manuals, floppy disks, copies of licensed vendor supplied software, etc.; shared remote printer output areas.
Logical Access Controls.
Logical access controls play an important role in any information systems environment. In addition to providing a method for identifying and verifying authorized users, logical access controls can also limit authorized user access to only those resources required to perform their assigned job.
In a network environment, logical access control is one of the most effective measures for protecting information. Logical access controls can be implemented via software and in conjunction with specific hardware devices if additional security is warranted.
Organizational Controls.
Traditional organizational controls include such things as separating DP from users, separating duties within DP, maintaining functional separations (e.g., vendor file maintenance from credit issuance), assigning individual security responsibility, using appropriate spans of management control and utilizing good audit procedures.
Personnel Controls.
Traditional personnel controls include appropriate hiring procedures, enforcing vacations and job rotation, restricting employee accounts and following complete termination procedures.
Due to the nature of network environments, management may want to place more emphasis on and exercise additional controls over job rotation and employee account restrictions. Special consideration should be given to ensuring that there is a procedure in place which inputs to the logical access control mechanism and to the physical access control process when an employee has changed work assignments or leaves the organization. This procedure should cause an immediate removal of the employee’s id and password from the system or even a denial of physical access to the prior work location.
|
|
|
|
|
Дата добавления: 2015-03-29; Просмотров: 347; Нарушение авторских прав?; Мы поможем в написании вашей работы!