Introduction+to+Computer+Security_Part8

17. Logical Access Controls

include the following:[116]

Read access provides users with the capability to view information in a system resource (such as a file, certain records, certain fields, or some combination thereof), but not to alter it, such as delete from, add to, or modify in any way. One must assume that information can be copied and printed if it can be read (although perhaps only manually, such as by using a print screen function and retyping the information into another file).

Write access allows users to add to, modify, or delete information in system resources (e.g., files, records, programs). Normally users have read access to anything they have write access to.

Execute privilege allows users to run programs.

Delete access allows users to erase system resources (e.g., files, records, fields, programs).[117] Note that if users have write access but not delete access, they could overwrite the field or file with gibberish or otherwise inaccurate information and, in effect, delete the information.

[116] These access modes are described generically; exact definitions and capabilities will vary from implementation to implementation. Readers are advised to consult their system and application documentation.

[117] "Deleting" information does not necessarily physically remove the data from the storage media. This can have serious implications for information that must be kept confidential. See "Disposition of Sensitive Automated Information," CSL Bulletin, NIST, October 1992.

Other specialized access modes (more often found in applications) include:

Create access allows users to create new files, records, or fields.

Search access allows users to list the files in a directory.

Of course, these criteria can be used in conjunction with one another. For example, an organization may give authorized individuals write access to an application at any time from within the office but only read access during normal working hours if they dial in.
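The office/dial-in example above can be written as a default-deny access decision that combines location, time, and access mode. This is an added example, not part of the original text; the rule table, function names, and the 09:00-17:00 Monday-Friday definition of "normal working hours" are assumptions.

```python
from datetime import datetime, time

# Assumption: "normal working hours" = Mon-Fri, 09:00-17:00 (the text does not define them).
WORK_START, WORK_END = time(9, 0), time(17, 0)

def in_working_hours(when: datetime) -> bool:
    return when.weekday() < 5 and WORK_START <= when.time() < WORK_END

def any_time(when: datetime) -> bool:
    return True

# Hypothetical rule table: (location, time predicate, access modes granted).
# Office users get read alongside write, since users normally have read
# access to anything they have write access to.
RULES = [
    ("office", any_time, {"read", "write"}),
    ("dial-in", in_working_hours, {"read"}),
]

def granted_modes(location: str, when: datetime) -> set:
    """Union of modes from every matching rule; no match means no access."""
    modes = set()
    for rule_location, time_ok, rule_modes in RULES:
        if location == rule_location and time_ok(when):
            modes |= rule_modes
    return modes

def is_allowed(location: str, when: datetime, mode: str) -> bool:
    return mode in granted_modes(location, when)

def effective_capabilities(modes: set) -> set:
    """What a holder of `modes` can do in practice, per the caveats in the text."""
    effective = set(modes)
    if "read" in modes:
        effective.add("copy")             # readable data can be copied or printed
    if "write" in modes:
        effective.add("destroy-content")  # overwriting deletes in effect, without delete access
    return effective

if __name__ == "__main__":
    # Constructed sample requests: a Tuesday at 22:00 and at 10:00.
    late, morning = datetime(2024, 3, 5, 22, 0), datetime(2024, 3, 5, 10, 0)
    for loc, when, mode in [("office", late, "write"), ("dial-in", morning, "read"),
                            ("dial-in", morning, "write"), ("dial-in", late, "read")]:
        print(loc, when.strftime("%a %H:%M"), mode, is_allowed(loc, when, mode))
    print(sorted(effective_capabilities(granted_modes("office", late))))
```

When reviewing a real permission set, compare the effective capabilities, not only the granted modes, against what the policy intended.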
Depending upon the technical mechanisms available to implement logical access control, a wide variety of access permissions and restrictions are possible. No discussion can present all possibilities.

17.2 Policy: The Impetus for Access Controls

Logical access controls are a technical means of implementing policy decisions. Policy is made by
IV. Technical Controls

[118] Some policies may not be technically implementable; appropriate technical controls may simply not exist.

A few simple examples of specific policy issues are provided below; it is important to recognize, however, that comprehensive system-specific policy is significantly more complex.

1. The director of an organization's personnel office could decide that all clerks can update all files, to increase the efficiency of the office. Or the director could decide that clerks can only view and update specific files, to help prevent information browsing.

2.