Chapter 11. Principle 3: Access and Authorization
OVERVIEW
Access and authorization of physical and digital assets for an organization make up the third principle. Although such safeguards are universally acknowledged as a necessity in every part of the world, their actual placement and implementation can vary greatly, depending on the environment and the value of the assets. The restriction of assets, which may include physical or digital items, may be accomplished through the introduction of a hierarchy. Hierarchies may consist of a dozen varying levels with crossover between authorized users, or may simply consist of two levels: public and private. The establishment of a defined and purposeful authorization process for any asset should be done in a manner that enhances the value of the asset.
As organizations continually expand their environments and leverage business process outsourcing (BPO) opportunities, the preservation of system integrity becomes ever more important. Beyond protecting the organization from partners accessing corporate data, an accidental disclosure threat exists in situations where clients of the same provider accidentally gain access to one another's data. This is especially a problem where a BPO provides services to the airline industry and all major airlines use the same provider. This situation is common in vertical niche and specialized industries. It can become dangerous if competitors accidentally gain access to each other's systems.
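The two ideas above, a classification hierarchy on assets and the cross-client disclosure risk at a shared provider, can be shown in one small authorization check. The following is an added example written for this chapter, not code from the book; the tenant names, asset ids, classification levels and function names are all constructed for illustration. It contrasts a check that enforces only the hierarchy (and therefore lets one client read another's data) with a check that scopes every read to the caller's own tenant first.

```python
"""Hypothetical access model (constructed for illustration): each asset is
labelled with an owning tenant and a classification level; each principal
carries a tenant and a clearance. A read is allowed only when both match."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Classification hierarchy, lowest to highest sensitivity."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Asset:
    asset_id: str
    tenant: str      # client organization that owns the asset
    level: Level
    payload: str


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant: str      # client organization the user belongs to
    clearance: Level


class AuthorizationError(PermissionError):
    """Raised on any denied read; callers never receive a partial result."""


# Constructed sample inventory: two airline clients of one shared provider.
ASSETS = {
    "air-a-fares": Asset("air-a-fares", "airline-a", Level.CONFIDENTIAL, "A fare tables"),
    "air-a-press": Asset("air-a-press", "airline-a", Level.PUBLIC, "A press release"),
    "air-b-fares": Asset("air-b-fares", "airline-b", Level.CONFIDENTIAL, "B fare tables"),
}


def read_asset_unsafe(principal, asset_id, assets=ASSETS):
    """Weak check: enforces the classification hierarchy but ignores tenant.
    A CONFIDENTIAL-cleared analyst at airline A can read airline B's fare
    tables, which is the accidental cross-client disclosure the chapter warns about."""
    asset = assets.get(asset_id)
    if asset is None or principal.clearance < asset.level:
        raise AuthorizationError(asset_id)
    return asset.payload


def read_asset(principal, asset_id, assets=ASSETS):
    """Hardened check: tenant scoping first, then the classification hierarchy.
    Deny by default, and raise the same error for 'missing' and 'forbidden' so
    a caller cannot learn which asset ids exist in other tenants."""
    asset = assets.get(asset_id)
    if asset is None or asset.tenant != principal.tenant:
        raise AuthorizationError(asset_id)
    if principal.clearance < asset.level:
        raise AuthorizationError(asset_id)
    return asset.payload


def is_denied(principal, asset_id, assets=ASSETS):
    """True when the hardened rule refuses the read."""
    try:
        read_asset(principal, asset_id, assets)
    except AuthorizationError:
        return True
    return False


def list_readable(principal, assets=ASSETS):
    """Every asset id this principal may read under the hardened rule."""
    return sorted(
        a.asset_id for a in assets.values()
        if a.tenant == principal.tenant and principal.clearance >= a.level
    )


if __name__ == "__main__":
    analyst_a = Principal("alice", "airline-a", Level.CONFIDENTIAL)
    print("unsafe:", read_asset_unsafe(analyst_a, "air-b-fares"))  # leaks across tenants
    print("hardened denies air-b-fares:", is_denied(analyst_a, "air-b-fares"))
    print("readable by alice:", list_readable(analyst_a))
```

The design point is ordering: the tenant test runs before the clearance test, and both failures produce the same error, so the hierarchy never becomes a side channel that reveals what other clients of the provider hold.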
In the past, when the organization's data centers were ...
From IT Compliance and Controls: Best Practices for Implementation.