Whenever discussions turn toward security systems, Toronto residents often visualize sensors, alarms, and surveillance systems associated with physical security. That may be because equipment identified with physical security is very visible; after all, it forms the first line of defense against intruders in home, business, or industrial settings. But that does not mean that you can ignore the need to secure your data. The truth is that data security supports physical security and vice versa.
Keeping Data And IT Assets Secure
These days, we are all interconnected through the internet. That means it is no longer sufficient to be vigilant about physical intrusions; you must watch for unauthorized network intrusions as well. While most security systems in Toronto focus on the physical aspects of security, you need to ensure network security is just as tight. Many individuals and companies have learned about the consequences of loose network security the hard way – you do not want your name added to that list. This article discusses the greatest cyber security threats.
In the simplest of terms, data access security is a set of measures taken to regulate who can view or use data contained in a network. And the basic principle involved is just as simple: grant access only to people who need it in the performance of assigned tasks.
There are four main categories of access control: Mandatory Access Control, Discretionary Access Control, Role-Based Access Control, and Rule-Based Access Control.
Mandatory Access Control (MAC) is the most stringent of all. Under this system, access to all resource objects is controlled by settings made by the system administrator. These settings cannot be changed by users. All resource objects are assigned security labels which contain a classification and a category. The classification defines the sensitivity of the resource (confidential, secret, etc.), while the category is more of a description of management position, role, or project. Each user is also assigned a classification and category.
When someone asks for access to something in the network, MAC checks to see if the classification and category of the user matches those of the resource. Only if both match is access granted.
Discretionary Access Control (DAC) is a system where the owner of each resource is allowed control over their own data. Under this system, each object or resource has an Access Control List containing names of users and permission levels. Thus some users may have read-only access, some read-write, and others full access. It sacrifices a little bit of control for flexibility.
Role-Based Access Control uses the user’s job function in the company to determine access permissions. The functions or roles are separate from an employee’s position, and only one role may be assigned to an employee at any one time. Thus there is no way to give permissions that exceed those identified for a person’s role.
A network where the system administrator drafts a set of rules to control access is said to be under Rule-Based Access Control. Access properties are contained in Access Control Lists linked with each data resource. Thus under this system it is possible to control access based on hours of the day, day of the week, etc.
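The four models described above can be compared side by side as decision functions. The following Python sketch is an added example, not part of the original article; all users, labels, roles, permission sets, and rules are constructed sample data, and the MAC check follows the article's description that both classification and category must match.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Label:
    classification: str  # sensitivity, e.g. "confidential", "secret"
    category: str        # management position, role, or project

def mac_allows(user_label, resource_label):
    """MAC: administrator-set labels; both fields must match, users cannot edit them."""
    return (user_label.classification == resource_label.classification
            and user_label.category == resource_label.category)

# Assumed mapping of the article's permission levels to concrete operations.
LEVELS = {"read-only": {"read"},
          "read-write": {"read", "write"},
          "full": {"read", "write", "delete", "grant"}}

def dac_allows(acl, user, wanted):
    """DAC: the resource owner maintains an ACL of user -> permission level."""
    return wanted in LEVELS.get(acl.get(user, ""), set())

def rbac_allows(user_role, role_perms, user, resource, wanted):
    """RBAC: each user holds exactly one role; permissions attach to the role."""
    role = user_role.get(user)
    return (resource, wanted) in role_perms.get(role, set())

def rule_allows(rules, resource, when):
    """Rule-based: administrator rules restrict access by weekday and hour."""
    rule = rules.get(resource)
    if rule is None:
        return False  # no rule for this resource: deny by default
    return when.weekday() in rule["days"] and rule["start"] <= when.hour < rule["end"]

# Constructed sample data (hypothetical names throughout).
PAYROLL = Label("confidential", "finance")
ACL = {"alice": "full", "bob": "read-only"}
USER_ROLE = {"carol": "auditor"}
ROLE_PERMS = {"auditor": {("ledger", "read")}}
RULES = {"ledger": {"days": {0, 1, 2, 3, 4}, "start": 8, "end": 18}}  # Mon-Fri, 08:00-18:00

if __name__ == "__main__":
    print("MAC :", mac_allows(Label("confidential", "finance"), PAYROLL))
    print("DAC :", dac_allows(ACL, "bob", "write"))
    print("RBAC:", rbac_allows(USER_ROLE, ROLE_PERMS, "carol", "ledger", "read"))
    print("Rule:", rule_allows(RULES, "ledger", datetime(2024, 1, 6, 10)))  # a Saturday
```

Every function denies when the user, role, or resource is unknown, so a missing entry never results in access.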