Access Control System within a Company: A Discussion
The Case For Information Security Scrutiny and Access Control
Organization Processes and Security Considerations
Context
Purpose
People
Conclusions and Future Directions
Security as a Competitive Edge
Management Buy-In
Recognition That Security Is Key to the Business
References
Bibliography
Appendices
Access Control System within a Company
Introduction
Although security is important, it has not always been critical to a company's success. With mainframe systems, firms protected their systems from resource abuse, such as authorized users hogging resources or unauthorized users gaining access and using spare resources. Such abuse was damaging because system resources were costly in the early days of mainframes. As technology developed and the cost of system resources decreased, this issue became less important. Remote access to systems outside a company's network was almost nonexistent. Moreover, only the underground community had the knowledge and tools needed to compromise a mainframe system. This paper discusses access control systems within a company in a concise and comprehensive way.
Access Control System within a Company: A Discussion
Client/server technology developments led to a myriad of new security problems. Processor utilization was not a priority, but access to networks, systems, and files grew in importance. Access control became a priority as sensitive information such as human resources and payroll was being stored on public file servers. Companies did not want such data to be public knowledge, even to their employees, so new technologies such as granular access control, single sign-on, and data encryption were developed. As always, methods of circumventing and exploiting these new applications and security products quickly arose. During the client/server era, access into the corporate network was usually through a few dial-up accounts. This did open some security holes, but the risk to these accounts could be easily mitigated with procedures such as dial back and access lists. Branch offices communicated with one another over dedicated leased lines.
Then came the Internet—the open access worldwide network—and everything changed. The growth of e-mail and the World Wide Web soon led companies to provide Internet access to their employees. Developing an e-business initiative became critical for a company to stay competitive in the changing marketplace. With the rising use of the Internet, information, including security information, became accessible to the general public. Because the Internet is a public network, anyone on the Net can see other systems on it. As use of the Internet grew, companies started to allow more access to information and networks over the Internet. This approach, although beneficial for business, was inviting to attackers.
Recent events have made information security a significant focus in the way an organization conducts its business. Most businesses today have at least a rudimentary security program in place, and many programs are developing and growing in maturity. As these programs have grown, so has the need to move beyond the view that security is just a technical issue. Security today should be woven into the fabric of a business. In doing so, information security programs need to ...