Access Controls
Access controls are security measures that restrict who can view, modify, or use computing resources, ensuring that only authorized individuals can access systems and data.
Explanation
Access controls follow the principles of least privilege (grant minimum access necessary) and segregation of duties (no single person controls all aspects of a critical process). Authentication verifies identity through something you know (password), something you have (token), or something you are (biometric). Authorization determines what actions the authenticated user can perform. Multi-factor authentication (MFA) combines two or more authentication types for stronger security.
Key Points
- Least privilege: minimum access necessary to perform job duties
- Authentication factors: knowledge, possession, inherence (biometric)
- Multi-factor authentication combines two or more factor types
Exam Tip
Using two passwords is not multi-factor authentication: MFA requires different types of factors (e.g., password plus fingerprint), not just multiple factors of the same type.
Related Topics
IT General Controls (ITGCs)
IT general controls are policies and procedures that apply broadly across an organization's IT environment to ensure the proper operation of information systems and the integrity of data.
Network Security
Network security encompasses the technologies, policies, and practices designed to protect the integrity, confidentiality, and availability of computer networks and data.