Access Controls
Access controls are not necessarily authentication, but they do define who has access to the organization’s resources. Access controls are provided different ways. The most common mechanisms are tied to those offered by the varying operating systems or software that supports the enterprise. This means that access control policies are tied to the technology used to support the business environment.
Access control policies should focus on where to use access controls instead of specifying to use them. You should look at the specifics so that a broad policy statement does not have to be applied to something that does not require control. For example, access control policies that restrict access to organizational intelligence that ...
Get Writing Information Security Policies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
