Access Control, Authentication, and Public Key Infrastructure, 2nd Edition by Mike Chapple, Bill Ballad, Tricia Ballad, Erin Banks

WHILE MANY ORGANIZATIONS adopt access controls in an effort to achieve business objectives, these mechanisms are also adopted for many other reasons. This chapter examines the laws and regulations governing information security and the ways that complying with these regulations drives the use of access controls. This chapter also discusses how organizations use policies, standards, procedures, and guidelines to achieve control objectives.

You will read in this chapter what happens when access controls fail. Security breaches can have serious implications ranging from loss of profitability to fines and prison time. The goal of this chapter is to highlight the important role access control ...