An access control policy is a security policy whose absence from an organisation’s policies can cause a lot of issues. It sets out specific guidelines for how a user is identified and outlines what level of access is granted to resources. Access would be decided based on a formalised organisational directive. Access control is the first line of defence in most cases, and the absence of this policy will result in consequences. When looking at security and the policies which surround it, the main points that need to be followed are confidentiality, integrity and availability.
Access control is one of the most pervasive and important aspects of information security, and an issue caused by missing this policy would occur if an employee was able to access information or files in a system that they should not have access to.
There are three types of access control which can be breached, which means overlooking this policy can have a major impact.
On a technical level, the connection to the network can be left open, which means that there are no restrictions on who is able to connect. If this is the case, then anyone could go in and access the information on the network, see who else is connected to the network and then potentially cause harm to the connected devices in various ways. In technology today, wireless networks are becoming increasingly popular but still remain the most vulnerable. This can result in loss of access to the organisation’s system, as the network is then at risk of anyone implanting malicious files within the system, which may lead to the system being unusable.
The loss of data and information is also a possibility, as a user who has accessed the network could potentially view and edit the information, which can also result in deletion and theft of the information. To conceal this, the accessor can even edit access logs, and this will lead to undetected control and use of the system.
When looking at access control from an administrative position, the operational procedures to maintain control over which users can have access are a major stage in protection. Issues that stem from overlooking an access control policy in this case can sprout from weak passwords with no required structure, such as “include at least one number and symbol”. This can leave user accounts vulnerable to password cracking, as users tend to use passwords which are easy to recall. According to https://www.entrepreneur.com/article/246902, the five most popular passwords in 2014 included “qwerty”, “password” and “12345”.
These may be the first choices of unwanted users looking to access a system. An organisation that overlooks a policy stating password regulations for access control will suffer major breaches. The implications of this can include theft of user data; if the admin profile is accessed, this can lead to changing of logs, changing of user information and a major breach of confidentiality in terms of the users’ personal information. According to paramountdefenses.com, “100% of all major recent cyber security breaches (e.g. Snowden, Target, JP Morgan, Anthem etc.) involved the compromise & subsequent misuse of a single privileged access account.” This highlights the impact of the lack of security and the possible damage if there is no access control security policy in place.