Chapter 2. Access control

This chapter builds on the risk assessment discussion in Chapter 1 and addresses the access control countermeasures that can be implemented to protect the safety of personnel and the confidentiality, integrity, and availability (CIA) of the enterprise’s valuable information assets. By implementing layers of cost-justified controls that target the vulnerabilities of the assets and the likelihood and impact of a successful exploit, the enterprise can mitigate and avoid losses and become better able to maximize profits.

Access control involves the implementation of security at some appropriate level as defined by senior management through policy and balanced with the need for access to accomplish the ...
