Managing access to confidential information is a major issue for most organizations. It is often tied to customer trust, which makes guarding against misuse all the more vital. Data that can identify individuals should be governed by policies that prevent identity fraud, the compromise of accounts or systems, and other grave consequences. To reduce these risks, access to sensitive information should be controlled by strict role-based authorization.
There are several models for controlling access to sensitive information. The simplest, discretionary access control (DAC), allows an owner or administrator to choose who can access files and which actions they can perform. This is the default model for Windows, macOS and UNIX filesystems.
Role-based access control (RBAC) is a more reliable and secure method. This model ties privileges to a person's job requirements. It also implements important security principles, including an orderly separation of privileges and the principle of least privilege.
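A minimal sketch of the role-based model described above, added here as an illustration and not taken from any product: privileges attach to roles, a user is denied by default, a conflicting pair of roles cannot be held by one person, and offboarding removes every privilege in one step. The role names, permission strings and users are constructed for the example.

```python
# Added illustration: role names, permissions and users below are constructed.
from dataclasses import dataclass, field

# Each role carries only the permissions that job needs (least privilege).
ROLE_PERMISSIONS = {
    "support_agent": {"customer:read"},
    "billing_clerk": {"customer:read", "invoice:create"},
    "billing_approver": {"invoice:approve"},
}

# Separation of privileges: no single user may hold both roles in a pair.
CONFLICTING_ROLES = [frozenset({"billing_clerk", "billing_approver"})]


class PolicyError(Exception):
    """Raised when a role assignment would break the policy."""


@dataclass
class RBAC:
    assignments: dict = field(default_factory=dict)  # user -> set of role names

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise PolicyError(f"unknown role: {role}")
        proposed = self.assignments.get(user, set()) | {role}
        for pair in CONFLICTING_ROLES:
            if pair <= proposed:
                raise PolicyError(f"{user} cannot hold both {sorted(pair)}")
        self.assignments[user] = proposed

    def revoke_all(self, user: str) -> None:
        # Offboarding: dropping the role assignments removes every privilege.
        self.assignments.pop(user, None)

    def is_allowed(self, user: str, permission: str) -> bool:
        # Deny by default: access exists only through a currently held role.
        roles = self.assignments.get(user, set())
        return any(permission in ROLE_PERMISSIONS[r] for r in roles)


if __name__ == "__main__":
    rbac = RBAC()
    rbac.assign("alice", "billing_clerk")
    print(rbac.is_allowed("alice", "invoice:create"))   # granted by the clerk role
    print(rbac.is_allowed("alice", "invoice:approve"))  # not in any role she holds
    rbac.revoke_all("alice")
    print(rbac.is_allowed("alice", "customer:read"))    # nothing left after offboarding
```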
Fine-grained access control goes beyond RBAC and lets administrators assign access to users based on their identity. It uses a combination of something you know, such as an account number or password; something you possess, such as access cards, keys, or devices that generate codes; and something you are, such as your fingerprint, iris scan, or voice print. This gives you finer control and can help eliminate the majority of issues associated with authorization, including unmonitored access by former employees and access to sensitive information through third-party applications.