Many businesses today exchange goods, services, information and knowledge using network-enabled technologies. Within such businesses, the proper protection of confidential information is essential to achieve the desired benefits and mitigate the associated risks. Failure to adequately restrict outsiders (intruders) from accessing critical business information may result in unauthorized knowledge and use of confidential information by inappropriate parties.
Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. Unauthorized people may be able to access confidential information while, at the same time, authorized people may be denied access. Access risk is pervasive – it includes information for any purpose.
Access risk focuses on the risks associated with inappropriate access to systems, data or information. It encompasses the risks of improper segregation of duties, risks associated with the integrity of data and databases, and risks associated with information confidentiality. Access risk can occur at any of the following levels:
- Network: The mechanism used to connect users with a processing environment. The access risk in this area is driven by the risk of inappropriate access to the network itself.
- Platform: The host computer system on which application systems and related data are stored and processed. The access risks in this area are driven by the risk of inappropriate access to a processing environment and the programs or data that are stored in that environment.
- Database: The collection of data that is organized in a manner that allows its contents to be easily accessed, managed and updated. The access risk in this area is driven by the risk of inappropriate access to valuable information.
- Application System: The programs that are used to process information that is relevant to business processes. The access risk in this area is associated with inappropriate logical access to system resources.
- Physical: The unauthorized physical entry of an intruder to the system resources within an organization. The access risk in this area is associated with inappropriate physical access to critical information systems.
- Functional Access: This occurs within an application.
- Field Level Access: This occurs within a function.