IS3230 Access Security
Unit 1 Introduction to Access Control, Authentication, and PKI skong@itt-tech.edu k @itt t h d
© ITT Educational Services, Inc. All rights reserved.

Learning Objective and Key Concepts
Learning Objective
Define authorization and access to an information technology (IT) infrastructure based on an access control policy framework.

Key Concepts
Access control policies, standards and procedures, and guidelines U.S. Federal d State U S F d l and St t compliance l li laws Fundamental access control concepts Identification, authentication Identification authentication, and authorization
IS3230 Access Security
© ITT Educational Services, Inc. All rights reserved. Page 2

EXPLORE: CONCEPTS

IS3230 Access Security

© ITT Educational Services, Inc. All rights reserved.

Page 3

Access Control
Enables an authorized person to control access to areas and resources in a given physical facility or computer-based information system

IS3230 Access Security

© ITT Educational Services, Inc. All rights reserved.

Page 4

Primary Components of Access Control
Policies: Defined from laws, requirements, and industry guides Subjects: People who need to access or are restricted from accessing Objects: Resources or information that need protection

IS3230 Access Security

© ITT Educational Services, Inc. All rights reserved.

Page 5

Compliance Laws and Industry Guides
Federal Laws State Government Laws Industry Guides

IS3230 Access Security

© ITT Educational Services, Inc. All rights reserved.

Page 6

EXPLORE: PROCESSES

IS3230 Access Security

© ITT Educational Services, Inc. All rights reserved.

Page 7

Steps of Access Control Process
Access control requires: Identification Id tifi ti Access control process: Subject: presents credentials to the system

Authentication: Authentication
system