Access Control

Access control is also one of the prime measures that organizations use to restrict access to information systems. Access control is required because the computer programs and processes that represent an information system must be authorized in order to protect the information present in those systems. It is important to recognize that access control mechanisms should be proportionate to the information being protected; that is, the more valuable a piece of information is, the stronger the control mechanisms have to be. The bases on which access control mechanisms are built are identification and authorization.


Identification refers to the process of establishing who or what someone is. For example, if a person claims to be Mr. X, his claim may or may not be true. Therefore, before granting access to information systems, it is necessary to verify the identity of the person in order to establish whether the person really is Mr. X.


Authentication refers to the act of verifying an identity claim. For example, when a person claims to be Mr. X, he must present some kind of identification documentation, such as an ID card or driver's license, which can be verified physically or electronically. Three different types of information can be used for authentication. These are generally classified as something that a person knows, something that a person has, or something that a person is. Examples of something that a person knows include a PIN, a password or a mother's maiden name. Examples of something that a person has include an ID card or driver's license, while examples of something that a person is are the person's biometrics, which can include fingerprints, voiceprints or retinal scans. Some organizations also implement stronger authentication measures that require a combination of these types of information.
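The following sketch is an added example, not part of the original page. It ties the three ideas above together: an identity claim is looked up (identification), the presented evidence is verified per factor type (authentication), and more valuable information requires more distinct factor types. The user record, sensitivity labels and policy table are constructed assumptions; the "is" (biometric) factor is omitted, and HOTP counter tracking is fixed at 0 for brevity.

```python
import hashlib
import hmac
import struct

# Constructed sample data: one enrolled identity with a knowledge factor
# (salted password hash) and a possession factor (HOTP token secret).
SALT = b"constructed-salt"
USERS = {
    "mr.x": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "token_secret": b"12345678901234567890",  # RFC 4226 test secret
    }
}
# Assumed policy: more valuable information demands more distinct factor types.
REQUIRED_FACTOR_TYPES = {"internal": 1, "confidential": 2}

def hotp(secret, counter, digits=6):
    """RFC 4226 one-time password for the given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verified_factor_types(claimed_id, password=None, otp=None, counter=0):
    """Check the evidence behind an identity claim; return factor types that verified."""
    user = USERS.get(claimed_id)
    if user is None:  # the claimed identity is not known to the system
        return set()
    verified = set()
    if password is not None:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
        if hmac.compare_digest(candidate, user["pw_hash"]):
            verified.add("knows")
    if otp is not None:
        expected = hotp(user["token_secret"], counter)
        if hmac.compare_digest(otp.encode(), expected.encode()):
            verified.add("has")
    return verified

def grant_access(claimed_id, sensitivity, **evidence):
    """Grant only if enough distinct factor types verified; unknown labels are denied."""
    required = REQUIRED_FACTOR_TYPES.get(sensitivity)
    if required is None:
        return False
    return len(verified_factor_types(claimed_id, **evidence)) >= required
```

Because the policy counts distinct factor types, presenting two secrets of the same type (for example a password and a PIN) would still count as one factor.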

