1. Access Control Policy
Access control is an approach that guarantees users' identity and ensures that they are authorized to access the organization's data and information. Johnson and Merkow (2010) believe that the access control policy summarizes the controls on physical access to the information system and software to limit unauthorized access to sensitive data and computer networks.
The policy ensures that users have access only to what they require to perform their daily activities. According to Peltier (2016), this clearly defines that they should do the work that they have been scheduled for. Any additional activities that are not authorized should be considered to be against the user domain policy.
2. Password Policy
Peltier (2016) defines a password policy as a set of rules and regulations that administrators develop to strengthen computer security by promoting the proper use of strong passwords. A password policy is mainly an official rule of a business that is taught as an aspect of security awareness training. Johnson and Merkow (2010) suggest that password policies enable users to establish the configuration, as well as the complexity, of the appropriate passwords to apply in computer software.
Business leaders can either develop advanced policies or utilize the present policies to fulfill the organizational needs and requirements. Johnson and Merkow (2010) suggest that this will ensure that users have their own login credentials and that they do not share them with anyone else. It will also maintain the security of the domain, preventing access to other users' information.
If access control and password policies are not followed in an organization, then there could be no data or information security in the organization.
Humans are considered the weakest link in IT security, and hence they should follow implemented security practices to minimize threats to the organization. Two of those security practices are:
Password practices – According to a study conducted by the Ponemon Institute, negligent employees are the number one reason for data breaches, accounting for 24% (Ekran, 2020). Not having strong or unique passwords, coupled with the increase in the Internet of Things (IoT), is a recipe for disaster.
Password protection is also a security issue. Employees who carelessly leave their passwords on a keyboard, simply written on a sticky note, can cause cybersecurity incidents. Hence, employees should make sure to have strong passwords on every device they use inside the organization and should also store them securely.
Access control practices – Maintaining adequate physical security should be a top priority for every organization. Unauthorized physical access can lead to data theft and to theft of property, including hard drives or USB sticks. Hence, organizations should implement access control practices to keep employees from accessing areas they are not supposed to. Enforcing the use of smart cards, fobs, and password-protected computers and networks is among the forms of access control practice.