Dear Friend > ACCESS CONTROLS Access control (AC) is considered as very important mechanism to provide information security. Following rules should be part of policy under access control mechanism: 1. AC must be in place to prevent unauthorized access to IS 2. Access of business information should be permitted in response to a requirement 3. Formal process must be in place to validate and provide individuals with access to information 4. Access controls should be regularly audited 5. Access rights should be immediately deleted for users who do not need the information any further 6. Each user must be provided with unique IDs and should be prohibited from using another user‟s IDs. 7. Proper procedures should be in place for reporting and handling of security related incident(s) Thanks

Hey Roshni, Access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. There are two main kinds of Access Controls: Physical Access Controls: ========================= These are the controls relating to physical security of the tangible IS resources and intangible resources stored on tangible media etc. Such controls include Access control doors, Security guards, door alarms, restricted entry to secure areas, visitor logged access, CCTV monitoring etc. Logical Access Controls ======================= These are the controls relating to logical access to information resources such as operating systems controls, application software boundary controls, networking controls, access to database objects, encryption controls etc. Hope this helps! All the best! Nishant

Dear friend, **Meaning of Access Controls** Access control a is way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security. In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource.The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. Locks and login credentials are two analogous mechanisms of access control. **Types of Access Control** There are two main types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access limits connections to computer networks, system files and data. **Categories of Access Control** 1.Mandatory access control 2.Discretionary access control 3.Role-based access control 4.Rule-based access control 5.Identity-Based Access Control 6.Organization-Based Access control 7.Responsibility Based Access control 8.Attribute-based Access Control