SlideShare a Scribd company logo

Sample Access Control Policy1.Purpose2.Scope3.Pol.docx

Download as DOCX, PDF
A
agnesdcarey33086

The document outlines a sample access control policy that defines the purpose, scope, and processes for granting, monitoring, and managing access to systems and applications. It addresses user responsibilities, network access protocols, operating system security measures, application access authorization, system event monitoring, and policies for mobile computing and telecommuting. The policy serves as a comprehensive guide for ensuring secure access and usage of information systems within an organization.

Education
1 of 2
Download to read offline
1
2
Sample Access Control Policy 1. Purpose 2. Scope 3. Policy Access control policy Who and how is authorisation for access to systems and business applications granted?User access How is access to information systems to be granted (eg passwords etc)? Who is responsible for monitoring and reviewing access rights? Who is responsible for removing and notifying of redundant User IDs and accounts and what is the process? Who is responsible for granting access to systems utilities and privilege management? How is access and use of systems utilities monitored?User responsibilities How are users to be educated and made aware of access responsibilities? What are users’ responsibilities for access and passwords?Network access Who is responsible for authorising network access (both internally and external connections)? What is the process for enforced network paths, user authentication for external connection, Node authentication, use of remote diagnostic ports? How will network domains and groups be segregated? What network connection controls will be in place – eg. times, type and size of file transfers to external source?Operating system access How is automatic terminal identification used to authenticate
connections to specific locations and portable equipment? What is the secure logon and logoff process for access? Are there restrictions on connection times in place? How will passwords be issued and managed – what are the rules for passwords? How will systems utilities’ use be controlled? Application access Who authorises application access eg read, write? What is the process for authorising access to information when systems share resources, eg. two separate systems are integrated to form a third application or system?Monitoring system access What system events will be logged, eg. date, IP address, User- IDs, unsuccessful logins, alerts from intrusion detection systems (firewall)? When and who will review and monitor system logs? And where are they stored?Mobile computing and telecommuting Outline Agency policy for each type of mobile device – eg. physical storage, personal usage, protection of information held on the device, access mechanisms (eg password), virus protection, backup. Policy on use of computer equipment for telecommuting, eg. authorisation process, system access, physical security, etc. Template - Access Control Policy Page 1 of 2 June 06

More Related Content

PPTX
Security Policy
Huda Seyam
 
PPTX
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 
PDF
Ch06 Policy
phanleson
 
PDF
Access Control Policy – Sample Framework for Secure Access
Azpirantz Technologies
 
PPTX
Building The Framework For A Culture Of Security
mguenther
 
PPTX
Network Security Policies
Aamir Sohail
 
PDF
Remote Access Policy Is A Normal Thing
Karen Oliver
 
PPTX
Cyber Security unit-4.pptx for computers
2k24mca2412994
 
Security Policy
Huda Seyam
 
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 
Ch06 Policy
phanleson
 
Access Control Policy – Sample Framework for Secure Access
Azpirantz Technologies
 
Building The Framework For A Culture Of Security
mguenther
 
Network Security Policies
Aamir Sohail
 
Remote Access Policy Is A Normal Thing
Karen Oliver
 
Cyber Security unit-4.pptx for computers
2k24mca2412994
 

Similar to Sample Access Control Policy1.Purpose2.Scope3.Pol.docx (20)

DOCX
 IT Infrastructure PoliciesLearning Objectives and Outcome
shandicollingwood
 
PDF
For our discussion question, we focus on recent trends in security t.pdf
alokkesh
 
DOCX
Security policy case study
ashu6
 
PDF
IT Network Security Policy
ssuser06c4a6
 
PPT
Operations_Security - Richard Mosher
amiable_indian
 
PPTX
Security Management | System Administration
Lisa Dowdell, MSISTM
 
PDF
Barbed Wire Network Security Policy 27 June 2005 7
Khawar Nehal khawar.nehal@atrc.net.pk
 
PDF
IC-ISO-27001-Checklist-10838_PDF.pdf
Napoleon NV
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
DOCX
Learning Objectives and OutcomesExamine IT infrastructure poli.docx
washingtonrosy
 
DOCX
Learning Objectives and OutcomesExamine IT infrastructure po.docx
jesssueann
 
PPTX
HIPAA Safeguard Slides
projectwinner
 
PPTX
12 security policies
Saqib Raza
 
PPT
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
PPT
2. access control
7wounders
 
PDF
File000169
Desmond Devendran
 
PDF
AUTHENTICATE SYSTEM OBJECTS USING ACCESS CONTROL POLICY BASED MANAGEMENT
Editor IJCATR
 
PDF
Information security policy how to writing
PasangdolmoTamang
 
PPT
Net essentials6e ch10
APSU
 
 IT Infrastructure PoliciesLearning Objectives and Outcome
shandicollingwood
 
For our discussion question, we focus on recent trends in security t.pdf
alokkesh
 
Security policy case study
ashu6
 
IT Network Security Policy
ssuser06c4a6
 
Operations_Security - Richard Mosher
amiable_indian
 
Security Management | System Administration
Lisa Dowdell, MSISTM
 
Barbed Wire Network Security Policy 27 June 2005 7
Khawar Nehal khawar.nehal@atrc.net.pk
 
IC-ISO-27001-Checklist-10838_PDF.pdf
Napoleon NV
 
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
Learning Objectives and OutcomesExamine IT infrastructure poli.docx
washingtonrosy
 
Learning Objectives and OutcomesExamine IT infrastructure po.docx
jesssueann
 
HIPAA Safeguard Slides
projectwinner
 
12 security policies
Saqib Raza
 
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
2. access control
7wounders
 
File000169
Desmond Devendran
 
AUTHENTICATE SYSTEM OBJECTS USING ACCESS CONTROL POLICY BASED MANAGEMENT
Editor IJCATR
 
Information security policy how to writing
PasangdolmoTamang
 
Net essentials6e ch10
APSU
 

More from agnesdcarey33086 (20)

DOCX
Sample Summaries of Emily Raine’s Why Should I Be Nice to You.docx
agnesdcarey33086
 
DOCX
SAMPLEExecutive Summary The following report is an evalua.docx
agnesdcarey33086
 
DOCX
Sample Student Industry AnalysisExecutive SummaryCom.docx
agnesdcarey33086
 
DOCX
sample.sql-- START-- SETUP Create userCREATE USER .docx
agnesdcarey33086
 
DOCX
SAMPLING MEAN DEFINITION The term sampling mean is.docx
agnesdcarey33086
 
DOCX
SAMPLING MEANDEFINITIONThe term sampling mean is a stati.docx
agnesdcarey33086
 
DOCX
sampleReportt.docxPower Electronics Contents.docx
agnesdcarey33086
 
DOCX
Sample Workflow of Answering a Telephone in an OfficeInform .docx
agnesdcarey33086
 
DOCX
Sample Investment PropertyAverage InlandSan Diego HomeASSUMPTION.docx
agnesdcarey33086
 
DOCX
SAMPLE Project (Answers and explanations are in red)I opened t.docx
agnesdcarey33086
 
DOCX
Sample Questions to Ask During an Informational Interview .docx
agnesdcarey33086
 
DOCX
Sample Table.pdfTopic RatingPatients Goal Able to walk .docx
agnesdcarey33086
 
DOCX
SAMPLE QUESTIONExercise 1 Consider the functionf (x,C).docx
agnesdcarey33086
 
DOCX
Sample PowerPoint Flow Week 5Select a current product with which.docx
agnesdcarey33086
 
DOCX
Sample Of assignmentIntroductionComment by Jane Summers Introd.docx
agnesdcarey33086
 
DOCX
SAMPLE GED 501 RESEARCH PAPERTechnology Based Education How.docx
agnesdcarey33086
 
DOCX
Sample Action Research Report 1 Effect of Technol.docx
agnesdcarey33086
 
DOCX
Sample Case with a report Dawit Zerom, Instructor Cas.docx
agnesdcarey33086
 
DOCX
Salkind_datasetsCrab Scale Results.savSalkind_datasetsLess.docx
agnesdcarey33086
 
DOCX
Sales_Marketing_-_Riordan_9.docxSales & MarketingHome .docx
agnesdcarey33086
 
Sample Summaries of Emily Raine’s Why Should I Be Nice to You.docx
agnesdcarey33086
 
SAMPLEExecutive Summary The following report is an evalua.docx
agnesdcarey33086
 
Sample Student Industry AnalysisExecutive SummaryCom.docx
agnesdcarey33086
 
sample.sql-- START-- SETUP Create userCREATE USER .docx
agnesdcarey33086
 
SAMPLING MEAN DEFINITION The term sampling mean is.docx
agnesdcarey33086
 
SAMPLING MEANDEFINITIONThe term sampling mean is a stati.docx
agnesdcarey33086
 
sampleReportt.docxPower Electronics Contents.docx
agnesdcarey33086
 
Sample Workflow of Answering a Telephone in an OfficeInform .docx
agnesdcarey33086
 
Sample Investment PropertyAverage InlandSan Diego HomeASSUMPTION.docx
agnesdcarey33086
 
SAMPLE Project (Answers and explanations are in red)I opened t.docx
agnesdcarey33086
 
Sample Questions to Ask During an Informational Interview .docx
agnesdcarey33086
 
Sample Table.pdfTopic RatingPatients Goal Able to walk .docx
agnesdcarey33086
 
SAMPLE QUESTIONExercise 1 Consider the functionf (x,C).docx
agnesdcarey33086
 
Sample PowerPoint Flow Week 5Select a current product with which.docx
agnesdcarey33086
 
Sample Of assignmentIntroductionComment by Jane Summers Introd.docx
agnesdcarey33086
 
SAMPLE GED 501 RESEARCH PAPERTechnology Based Education How.docx
agnesdcarey33086
 
Sample Action Research Report 1 Effect of Technol.docx
agnesdcarey33086
 
Sample Case with a report Dawit Zerom, Instructor Cas.docx
agnesdcarey33086
 
Salkind_datasetsCrab Scale Results.savSalkind_datasetsLess.docx
agnesdcarey33086
 
Sales_Marketing_-_Riordan_9.docxSales & MarketingHome .docx
agnesdcarey33086
 

Recently uploaded (20)

PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
Sports Quiz easy sports quiz sports quiz
nikunj2757
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
master seminar digital applications in india
ananyaray35
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 

Sample Access Control Policy1.Purpose2.Scope3.Pol.docx

  • 1. Sample Access Control Policy 1. Purpose 2. Scope 3. Policy Access control policy Who and how is authorisation for access to systems and business applications granted?User access How is access to information systems to be granted (eg passwords etc)? Who is responsible for monitoring and reviewing access rights? Who is responsible for removing and notifying of redundant User IDs and accounts and what is the process? Who is responsible for granting access to systems utilities and privilege management? How is access and use of systems utilities monitored?User responsibilities How are users to be educated and made aware of access responsibilities? What are users’ responsibilities for access and passwords?Network access Who is responsible for authorising network access (both internally and external connections)? What is the process for enforced network paths, user authentication for external connection, Node authentication, use of remote diagnostic ports? How will network domains and groups be segregated? What network connection controls will be in place – eg. times, type and size of file transfers to external source?Operating system access How is automatic terminal identification used to authenticate
  • 2. connections to specific locations and portable equipment? What is the secure logon and logoff process for access? Are there restrictions on connection times in place? How will passwords be issued and managed – what are the rules for passwords? How will systems utilities’ use be controlled? Application access Who authorises application access eg read, write? What is the process for authorising access to information when systems share resources, eg. two separate systems are integrated to form a third application or system?Monitoring system access What system events will be logged, eg. date, IP address, User- IDs, unsuccessful logins, alerts from intrusion detection systems (firewall)? When and who will review and monitor system logs? And where are they stored?Mobile computing and telecommuting Outline Agency policy for each type of mobile device – eg. physical storage, personal usage, protection of information held on the device, access mechanisms (eg password), virus protection, backup. Policy on use of computer equipment for telecommuting, eg. authorisation process, system access, physical security, etc. Template - Access Control Policy Page 1 of 2 June 06