Access control
Introduction
Access control consists of verifying whether an entity (a person, vehicle, computer, etc.) requesting access to a resource has the necessary rights to do so.[1]
Access control can govern access to physical resources (for example, a building, premises, or a country) or logical resources (for example, an operating system or a specific computer application).[1][2]
Access control policy
An access control policy specifies the access rights that determine whether an access request should be allowed or not.[3] Access requests are made by what is called a principal, which can be: a user (human), a subject (a process that runs on behalf of a user) and an object (a piece of data or a resource).[3]
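The decision described above, as an added example that is not part of the original page: a small policy check in which a subject (process) requests a right on an object and is judged by the rights of the user it runs for. The default-deny behaviour, the names `POLICY`, `Subject`, `check_access` and `audit`, and the sample users and objects are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: (user, object) -> rights granted on that object.
POLICY = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
}


@dataclass(frozen=True)
class Subject:
    """A process that runs on behalf of a user (hypothetical type)."""
    pid: int
    user: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check_access(policy, subject, obj, right):
    """Decide one access request.

    Assumption: default deny. A request is allowed only when the policy
    explicitly grants the right to the user the subject acts for.
    """
    granted = policy.get((subject.user, obj))
    if granted is None:
        return Decision(False, f"no entry for user {subject.user!r} on {obj!r}")
    if right not in granted:
        return Decision(False, f"{right!r} not granted to {subject.user!r} on {obj!r}")
    return Decision(True, "granted by policy")


def audit(policy, requests):
    """Evaluate requests in order; return (pid, user, object, right, allowed) records."""
    return [
        (s.pid, s.user, obj, right, check_access(policy, s, obj, right).allowed)
        for s, obj, right in requests
    ]
```

Keeping the denied requests in the returned records, not only the allowed ones, is what makes the log useful for reviewing who attempted access to what.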
We can classify access control policies into different types, each with its own advantages and disadvantages:[3][4]
Components
Access control generally includes three components or techniques:
Nowadays, there is increasing demand from companies to be able to track access to their computers using an access rights notification.
Legislative changes
According to the EPA for the second quarter of 2018, "in Spain, 6,822,900 overtime hours were performed per week and 2,986,200 hours were unpaid, that is, 43.8% of the total."[7] To fight against excess hours and unpaid or compensated overtime, the Government will force companies to control the access of their employees and record the hours worked, following its "Master Plan for Decent Work (2018 / 2019 / 2020)".[8]
References
- [1] David Kim; Michael Solomon (17 November 2010). Fundamentals of Information Systems Security. Jones & Bartlett Learning. pp. 144-. ISBN 978-0-7637-9025-7. https://books.google.es/books?id=-agjhFspvFMC&pg=PA144&dq=access+control+fisical&hl=ca&sa=X&ei=qQDzVNbrFMXtUsLcgugP&ved=0CDAQ6AEwAQ#v=onepage&q=access%20control%20fisical&f=false
- [2] Martínez Pascual, Diego (21 December 2018). «Controles proactivos en el desarrollo seguro de software (Implementación de Control de Accesos» (html). Aprendiz de Sysadmin. Archived from the original on 22 December 2018. Retrieved 22 December 2018. "Access control is the process by which requests for access to a particular feature or resource are granted or denied. It should be noted that authorization is not the same as authentication (verification of identity). These terms and their definitions are frequently confused, and we should not fall into that error." https://web.archive.org/web/20181222165520/https://aprendizdesysadmin.com/controles-proactivos-en-el-desarrollo-seguro-de-software-implementacion-de-control-de-accesos-y-como-ser-un-developer-cuqui-y-muy-pro/
- [3] Access Control. Michael Clarkson. Cornell University. https://www.cs.cornell.edu/courses/cs5430/2011sp/NL.accessControl.html
- [4] Control de acceso. ticportal.es. 11 October 2018. https://www.ticportal.es/glosario-tic/control-acceso
- [5] RBAC: Rule-Based vs. Role-Based Access Control. Bryon Beilman. 28 March 2019.