Access control policy. v. Social engineering. vi. Phishing. vii. Vishing. viii. Shoulder surfing. ix. Dumpster diving. x. Hoaxes. xi. Organizational policies and procedures. xii. Security policies. xiii. Privacy. xiv. Service level agreements. xv. Human resources policies. xvi. Code of ethics | SY0-201

Access Control

The term access control describes a variety of protection schemes. It sometimes refers to all security features used to prevent unauthorized access to a computer system or network. In this sense, it may be confused with authentication. More properly, access is the ability of a subject (such as an individual or a process running on a computer system) to interact with an object (such as a file or hardware device). Authentication, on the other hand, deals with verifying the identity of a subject.

To understand the difference, consider the example of an individual attempting to log in to a computer system or network. Authentication is the process used to verify to the computer system or network that the individual is who he claims to be. The most common method to do this is through the use of a user ID and password. Once the individual has verified his identity, access controls regulate what the individual can actually do on the system. Just because a person is granted entry to the system does not mean that he should have access to all data the system contains.

Consider another example. When you go to your bank to make a withdrawal, the teller at the window will verify that you are indeed who you claim to be by asking you to provide some form of identification with your picture on it, such as your driver's license. You might also have to provide your bank account number. Once the teller verifies your identity, you will have proved that you are a valid, authorized customer of this bank. This does not, however, mean that you have the ability to view all information that the bank protects, such as your neighbor's account balance. The teller will control what information and funds you can access and will grant you access only to information that you are authorized to see. In this example, your identification and bank account number serve as your method of authentication, and the teller serves as the access control mechanism.

In computer systems and networks .
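The bank example above can be expressed in code. The following is an added illustration, not part of the original text: the user names, account numbers and function names are hypothetical, and the sample data is constructed. It keeps authentication (verifying the subject) separate from access control (deciding what that subject may do to an object) and shows the flawed variant in which a logged-in customer can read a neighbor's balance.

```python
import hashlib
import hmac
import os

USERS = {}  # user_id -> (salt, password_hash); constructed sample store
ACCOUNTS = {  # constructed sample objects, each with one owner
    "1001": {"owner": "alice", "balance": 250},
    "1002": {"owner": "bob", "balance": 900},
}

def _hash(password, salt):
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(user_id, password):
    salt = os.urandom(16)
    USERS[user_id] = (salt, _hash(password, salt))

def authenticate(user_id, password):
    """Authentication: is the subject who he claims to be?"""
    # Unknown users still go through a hash computation and then fail.
    salt, stored = USERS.get(user_id, (b"\0" * 16, b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return user_id if ok else None

def balance_unchecked(subject, account_no):
    """Flawed: treats 'logged in' as 'allowed to see everything'."""
    if subject is None:
        raise PermissionError("not authenticated")
    return ACCOUNTS[account_no]["balance"]

def balance(subject, account_no):
    """Access control: the subject may read only an object he owns."""
    if subject is None:
        raise PermissionError("not authenticated")
    account = ACCOUNTS.get(account_no)
    if account is None or account["owner"] != subject:
        raise PermissionError("not authorized for this account")
    return account["balance"]

# Constructed sample credentials.
register("alice", "correct horse")
register("bob", "battery staple")
```
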