IM Instant Messaging Security
Addressing IM issues in a manner that is useful for the day-to-day operations and management of enterprise networks, this timely text presents the tools and methods necessary to embrace the IM technology securely.
TABLE OF CONTENTS IM Instant Messaging Security
Appendix B: Managing Access
Overview
Access control is a key element of a good IM security program. As in Appendix A, our intent is to give those requiring general knowledge of access control the necessary background to enhance their reading experience with our chapters that cover IM security risks and best practices. In this appendix, we will cover the essential elements every security administrator needs to know about access control and management of passwords. Some of the content presented in this appendix has been excerpted from our Wireless Operational Security [1] book with the permission of Digital Press, an imprint of Elsevier.
B.1 Access Control
According to the ISSA [2], " access control is the collection of mechanisms for limiting, controlling, and monitoring system access to certain items of information, or to certain features based on a user's identity and his or her membership in various predefined groups." In this section, we will explore the major building blocks that comprise the field of access control as it applies to organizational entities and the information systems these entities are trying to protect from compromising situations.
B.1.1 Purpose of Access Control
" What are some reasons why we should have access control?" Access control is necessary for several reasons. Information proprietary to a business may need to be kept confidential, so there is a confidentiality issue that provides a purpose for having access controls. The information that an organization keeps confidential also needs to be protected from tampering or misuse. The organization must...
Copyright James F. Ransome and John W. Rittinghouse 2005 under license agreement with Books24x7
