Technology Risks: CISSP: Access Control

Sunday, August 17, 2014

CISSP: Access Control

Access control, in one form or another, is considered by most information systems security professionals to be the cornerstone of their security programs. The various features of physical, technical, and administrative access control mechanisms work together to construct the security architecture so important in the protection of an organization’s critical and sensitive information assets.

This domain includes:

Concepts/methodologies/techniques
Effectiveness
Attacks

Here are some videos which explains Access Control well:

[more coming up...]

No comments:

Post a Comment

I am a technology management consultant and a course facilitator. I have more than twenty-five years of experience in the IT industry and specialise in information security and risks. This profession has taken me to live in many countries in Europe, Africa, Australia and Asia for twenty years, meeting many competent practitioners in the process.

This blog is for my clients, my students and anyone interested in technology management and the risks that come with it.

It enumerates the various industry best practices to mitigate real world risks, which will also include: my anecdotes; videos and links found elsewhere in Cyberspace. I mean, why reinvent the wheel when there are already good stuff out there?

This will save you some time foraging the Internet for good quality material to study or apply at work.

Do let me know when you find even better materials out there, so that I can post them here and more people will benefit from it.

Some of my clients are:
Standard Chartered Bank, Astrazeneca, S.W.I.F.T., Shell, Barclays Bank, European Commission, Lloyds-TSB, BHP, South African Directorate of Communications, HP, IBM, Philip Morris, Belgacom, Flemings Asset Management Luxembourg, Octopus (HK), Protonworld, Riyad Bank, Al-Rajhi Bank, Saudi-Hollandi Bank, RHB Group, Mandiri Bank, UOB Bank, BNI Bank, Jebsen and Jessen, CEGB (UK), Temasek Polytechnic, Embry-Riddle Aeronautical University Asia.

Contact:

Michael Chua

mysticmichael@gmail.com

Services:

1. Vulnerability Testing
- Computer and Network Infrastructure Tests
- Configuration, Compliance and Inter-operability

2. Risk Assessment
- Total Defence Inspection
- Beyond computers and technology
- Risk Quantification and Management

3. Information Security Operations
- Policy, Process and Procedure
- Scenario Planning
- Crisis Management Rehearsals

4. Information Security Design and Development
- Organisational Structure
- Security Control Implementation
- System Release

5. Awareness Campaign
- Educating the public, employees and business partners about the importance of secure practices

6. Business Continuity Planning and Management
- Physical Crisis
- Technology Crisis
- Epidemics