Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms, and physical IT assets. Logical access control limits connections to computer networks, system files, and data. These are further explained below.
Logical Access Control
Logical Access Control is the ability and means to allow or deny logical, computer-based access to data of one kind or another. Keeping in mind the CIA triad of cybersecurity (Confidentiality, Integrity, and Availability), logical access control typically pertains to Confidentiality – making sure that only the people who should have access to a data set are the ones who actually have it.
Physical Access Control
Physical Access Control is the ability and the processes to grant and deny physical access to locations within a building, a company, or even a single room at a company. Techniques range from RFID picture ID badges that employees must wear and display throughout your offices to separately controlled entry points for server rooms. In high-security locations such as a data center, the use of a ‘Man Trap’ is a requirement, although CyberHoot believes we should begin calling them ‘Person Traps’, as we know quite a few exceptional social engineering experts who are most definitely not men.
What Does This Mean for my SMB?
It’s important to have both policies and technology in place to implement discretionary and mandatory access controls. Having policies and technical controls in place helps staff avoid dangerous and costly cybersecurity events. Incorporate the Principle of Least Privilege in your organization to improve your overall cybersecurity posture.
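The distinction between discretionary and mandatory controls is easiest to see in code. The following is an added example, not part of the CyberHoot page: a discretionary ACL that a resource owner edits, layered under a mandatory label rule (a Bell-LaPadula style no-read-up / no-write-down check chosen here for illustration) that the owner cannot override, with every undefined case denied by default. Users, labels and resources are constructed sample data.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels used by the mandatory (label-based) rule.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass
class Resource:
    owner: str
    label: str                                   # set by the organization, not the owner
    acl: dict = field(default_factory=dict)      # DAC: user -> set of permitted actions


@dataclass
class User:
    name: str
    clearance: str


def dac_permits(user: User, res: Resource, action: str) -> bool:
    """Discretionary: the owner always has access and decides who else does via the ACL."""
    if user.name == res.owner:
        return True
    return action in res.acl.get(user.name, set())


def mac_permits(user: User, res: Resource, action: str) -> bool:
    """Mandatory: a fixed policy the owner cannot relax.
    Read requires clearance >= label (no read up); write requires
    clearance <= label (no write down). Unknown labels or actions deny."""
    clr, lbl = LEVELS.get(user.clearance), LEVELS.get(res.label)
    if clr is None or lbl is None:
        return False
    if action == "read":
        return clr >= lbl
    if action == "write":
        return clr <= lbl
    return False


def is_allowed(user: User, res: Resource, action: str) -> bool:
    """Least privilege: access is granted only when BOTH layers permit it."""
    return dac_permits(user, res, action) and mac_permits(user, res, action)


def grant(res: Resource, owner: User, grantee: User, action: str) -> None:
    """Owner-driven sharing (the discretionary part). Non-owners cannot grant."""
    if owner.name != res.owner:
        raise PermissionError(f"{owner.name} does not own this resource")
    res.acl.setdefault(grantee.name, set()).add(action)
```

Even after the owner shares a confidential report with an internal-clearance colleague, the mandatory layer still refuses the read, which is exactly the property that distinguishes MAC from DAC.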
Beyond Access Controls – Best Practices to Adopt
CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene
- Require 14+ character passwords in your Governance Policies
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years
Start building your robust, defense-in-depth cybersecurity plan today with CyberHoot.
Sources: CNSSI 4009, TechTarget