(1)In information technology, logical access controls are tools and protocols used for identification, authentication, authorization, and accountability in computer information systems.
(2)There
are two main types of access control: physical and logical. Physical access
control limits access to campuses, buildings, rooms and physical IT assets.
Logical access limits connections to computer networks, system files and data.
(3)The
four main categories of access control are:
Mandatory
access control
Discretionary
access control
Role-based
access control
Rule-based
access control
(4)Mandatory
Access Control: Mandatory Access Controls (MACs) are logical access control
that cannot be controlled or modified by normal users or data owners.
(5)Discretionary
Access Control: Discretionary Access Controls (DACs) are logical access control
that may be activated or modified by the data owners at their discretion.
(6)In
any given scenario, MACs are better choice in terms of data security as
compared to DACs.
(7)In
any given scenario, following are the steps for implementing logical access
controls:
(a)
Inventory of IS resources.
(b)
Classification of IS resources.
(d)Grouping/labelling
of IS resources.
(c)
Creation of an access control list.
(8)In
any given scenario, first step in data classification is to identify the owner
of the data/application.
(9)In
any given scenario, an automated password management tool works as best
preventive control and ensures compliance with password management policy.
(10)Please
note below access control best practices for wireless security. Invariably 2-3
questions will be there on this concept:
(a)Enable
MAC address filtering:
Every Machine (PC/Laptop/Mobiles) has a
unique identification number. That is known as Media Access Control (MAC)
address. So through this control, you allow access to only selected devices.
Any other device trying to access you network will be rejected by your
router.
(b)Disable
SSID (Service set identifier) broadcasting
A Service Set Identifier (SSID) is the wireless network name broadcast by a router and it is
visible for all wireless devices. When a wireless device searches the area for
wireless networks it will detect the SSID.
(c)Enable
WPA-2 (Wi-Fi protected access) protection:
Encryption helps to scrambles the
information we send through wireless network into a code so that it’s difficult
for other to access. Using encryption is the effective way to secure your
network from intruders.
Two main types of encryption are
available for this purpose: Wi-Fi Protected Access (WPA) and Wired Equivalent
Privacy (WEP). WPA 2 is the strongest encryption standard for wireless
connection as on today.
(11)In
any given scenario, preference to be given to preventive controls as compared
to detective or deterrent controls.
(12)In
any given scenario, preference to be given to automated controls as compared to
manual controls.
(13)In
any given scenario, default deny access control policy (i.e. deny all traffic
except selected ones) is more robust and stringent access control policy as
compared to default allow access control policy (i.e. allow all traffic except
selected ones)
(14)Prime
objective of review of logical access control is to ensure access have been
assigned as per organisation’s authorization.
Question, Answer
& Explanation:
Below QAE are solely on the concept of logical
access controls. They resemble to the type/nature of questions that are
actually asked in CISA exams. Candidates are advised to attempt below questions
multiple times. More emphasis to be given on explanation part for better
understanding.
Great Article
ReplyDeleteCyber Security Projects for CSE Students
JavaScript Training in Chennai
Project Centers in Chennai