Many businesses today exchange goods, services, information, and knowledge using network-enabled technologies. In such businesses, proper protection of confidential information is essential to achieve the desired benefits and mitigate the associated risks. Failure to adequately restrict outsiders (intruders) from accessing critical business information may result in unauthorized knowledge and use of confidential information by inappropriate parties.
Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. Unauthorized people may be able to access confidential information, while simultaneously, authorized people may be denied access. Access risk is pervasive – it includes information for any purpose.
Access risk focuses on the risks associated with inappropriate access to systems, data, or information. It encompasses the risks of improper segregation of duties, risks associated with the integrity of data and databases, and risks associated with information confidentiality. Access risk can occur at any or all of the following levels:
- Network – The mechanism used to connect users with a processing environment. The access risk in this area is driven by the risk of inappropriate access to the network itself.
- Platform – The host computer system on which application systems and related data are stored and processed. The access risks in this area are driven by the risk of inappropriate access to a processing environment, and the programs or data that are stored in that environment.
- Database – The collection of data that is organized in a manner that allows its contents to be easily accessed, managed, and updated. The access risk in this area is driven by the risk of inappropriate access to valuable information.
- Application System – The programs that are used to process information that is relevant to business processes. The access risk in this area is associated with inappropriate logical access to system resources.
- Physical – The unauthorized physical entry of an intruder to the system resources within an organization. The access risk in this area is associated with inappropriate physical access to critical information systems.
- Functional Access (within an application)
- Field-Level Access (within a function)