Implementation of controls is a critical security feature of information systems. Controls block and detect various forms of intrusion and protect the various components of the entire information system, whether these are telecommunication lines or computer software and hardware.
Access controls establish the interface between the would-be user of the computer system and the computer itself. They monitor the initial handshaking procedure between the user and the operating system. For example, when a customer enters the card and the PIN code at an automatic teller machine (ATM), the system exercises access controls to block unwanted or illegitimate access.
The identity of the user needs to be established before access is granted. The user should be given access to the nature and kind of resources he is entitled to access. Actions taken by users to gain access beyond the defined limits should be blocked and recorded.
Access controls have gained critical importance in the modern computing age for two significant reasons.
In literal terms, cryptography means the science of coded writing. It is a security safeguard that renders information unintelligible to unauthorized individuals who intercept the transmission. When the information is to be used, it can be decoded. “The conversion of data into a secret code for the secure transmission over a public network is called cryptography.”
Cryptography primarily consists of two basic processes. These processes are explained through a diagram.
The above processes give rise to two forms of data
As shown in the above diagram, the original text, or "plaintext," is converted into a coded equivalent called "ciphertext" via an encryption process.
Identification & Authentication
Access controls focus on the correct identification of the user seeking permission to access the system. There can be various sources of identifying and authenticating the user.
Identification of an individual through unique physical characteristics is proving to be quite safe and secure for allowing access. The study of personal characteristics has been used extensively for identification purposes. Biometrics can be defined as the study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Most commonly, the following personal physical characteristics are covered:
In addition to the aforesaid access controls, there may be
The construction of an effective security system should take into account the design and implementation of all the above controls.
Processing instructions carried out by the operating system and application software should be monitored through the implementation of controls. If processing controls are not effectively implemented, undesirable situations can arise. For example, in the case of an operating system, while connecting to a website, a concealed link may be activated at the same time to transfer specified or all information. Application software designed to compute interest at month end may contain an unauthorized instruction to transfer pennies, cents or paisas to a particular account. Hence care needs to be taken that calculations are accurate and any rounding up or down is adequately explained and carried out; that data is processed correctly, as expected; that control totals reconcile; that processing errors are logged, researched and corrected in a timely manner; and that there is a sufficient audit trail to trace from source to output and vice versa.
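As an added illustration of the processing controls described above (not code from the original text), the Python example below independently recomputes month-end interest, records the rounding residue for every account, and reconciles a batch's postings both line by line and against a control total. The round-half-even rule, the account identifiers, the rate and both batches are assumptions constructed for the example; the per-account comparison goes one step beyond the control total the text names.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

def expected_interest(balances, rate):
    """Recompute {account: (rounded interest, rounding residue)} under one documented rule."""
    result = {}
    for acct, balance in balances.items():
        exact = balance * rate
        rounded = exact.quantize(CENT, rounding=ROUND_HALF_EVEN)
        result[acct] = (rounded, exact - rounded)  # residue explains every rounding
    return result

def reconcile(balances, rate, postings):
    """Check a batch's postings against the recomputation; return (exceptions, totals)."""
    expected = expected_interest(balances, rate)
    exceptions, seen = [], set()
    for acct, amount in postings:
        if acct not in expected:
            exceptions.append(("UNEXPECTED_ACCOUNT", acct, amount))
        elif acct in seen:
            exceptions.append(("DUPLICATE_POSTING", acct, amount))
        elif amount != expected[acct][0]:
            exceptions.append(("AMOUNT_MISMATCH", acct, amount, expected[acct][0]))
        seen.add(acct)
    for acct in sorted(expected.keys() - seen):
        exceptions.append(("MISSING_POSTING", acct))
    totals = {
        "expected": sum(r for r, _ in expected.values()),
        "posted": sum(amount for _, amount in postings),
        "rounding_residue": sum(res for _, res in expected.values()),
    }
    if totals["posted"] != totals["expected"]:
        exceptions.append(("CONTROL_TOTAL_MISMATCH", totals["posted"], totals["expected"]))
    return exceptions, totals  # exceptions are what gets logged and researched

# Constructed sample data (hypothetical accounts, rate and batches).
BALANCES = {"A-100": Decimal("1234.56"), "A-200": Decimal("9876.54"), "A-300": Decimal("500.00")}
RATE = Decimal("0.0041")
CLEAN = [("A-100", Decimal("5.06")), ("A-200", Decimal("40.49")), ("A-300", Decimal("2.05"))]
ALTERED = [("A-100", Decimal("5.06")), ("A-200", Decimal("40.48")),
           ("A-300", Decimal("2.05")), ("X-999", Decimal("0.01"))]

if __name__ == "__main__":
    for name, batch in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, reconcile(BALANCES, RATE, batch))
```

In the altered batch the control total still reconciles, because one cent was moved rather than created; only the per-account comparison and the unexpected-account check raise exceptions.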