Logical Access Control

Logical access control is a very commonly used type of security measure. Aspects of logical access control include

• Prevention of unauthorised access to the system
• Detection unauthorised access to the system
• Management of access to the system.

Access itself is not binary. There are a number of powers that can be given to the user namely

• Read
• Write
• Delete

Access should be based purely on need and managing access should include at a minimum the following;

• Segregration of duties should not be compromised.
• Unique user identification
• Require users to sign statements indicating understanding of their access rights
• Granted of access dependent on suitable level of Authorisation including the system owner - extra scrutiny around requests > standard profiles.
• Regular review of rights with redundant user IDs and accounts removed

However, given that higher levels of security come at a cost, the level of access security should be determined on the basis of a risk assessment.

A number of access security devices can be employed, but a basic log-on procedure should have the following features.

• Warning notice
• No help to users
• Validation only on completion of all input data
• Limited number of attempts
• Record unsuccessful attempts
• Enforce time delay between failed attempts

 Further ideas related to passwords are provided here.

Enhanced features may include encryption.

Managing a large number of users' access rights is a costly process which explains the use of standard user profiles.