What Are Access Controls?
Procedures designed to restrict access to on-line terminal devices, programs and data. Access controls consist of “user authentication” and “user authorization”. “User authentication” typically attempts to identify a user through unique logon identifications, passwords, access cards or biometric data. “User authorization” consists of access rules to determine the computer resources each user may access. Specifically, such procedures are designed to prevent or detect:
- Unauthorized access to on-line terminal devices, programs and data;
- Entry of unauthorized transactions;
- Unauthorized changes to data files;
- The use of computer programs by unauthorized personnel; and
- The use of computer programs that have not been authorized.