Access Control Security Systems Nationwide
An access control system (ACS) is a measure of security that controls what or who is granted permission to enter a facility, computing environment or a system. In general, an access control security system falls into two distinct categories: logical or physical. Logical access control systems restrict connections to data, files within a system, and computer networks. A physical access control system limits entrance to physical IT assets, buildings, rooms and areas marked as "for authorized persons only."
Basic Concepts of Access Control Security Systems
There are a variety of terms and concepts associated with access control. Below are a few of the most common:
- Object: Something that holds or receives information. The following are examples of protected objects:
- Records
- Printers
- Directories
- Files
- Programs
- Disc drives
- Domain and Type Enforcement: As a way of implementing a process of security on a system, protected objects of a system are assigned to a domain. Those objects are categorized as a type. The domain has rights to its allocated objects under their specified types.
- Subject: An active entity, such as a person, process or device, responsible for the flow of information between objects or changes the state of an access control system.
- Operation: An active process put into action by a subject. As an example, an ATM user inserts a card, enters a PIN and makes a balance inquiry or makes a deposit.
- Separation of Duty (SOD): This is a security principle that doesn't allow any authorized subject enough access permissions to misuse a system.
- Access Control List (ACL): A list that shows the set of rights a subject has to access an object.
- Permission (privilege): Authorization to act within a system.
Who Uses Access Control Systems?
One of the main reasons for installing an ACS is to help businesses and organizations maintain their compliance with local or federal regulations. For example, doctors' offices, hospitals and medical insurance companies require the security of an access control system to make sure they comply with HIPAA regulations. IP data is a sensitive intellectual property that requires pharmaceutical companies, software developers, startups and entrepreneurs to have an ACS to control who enters specific buildings. Because of the growing reliance on cloud-based services and data retention, any business that wants to keep up with SOC or SOC2 cybersecurity standards will have an ACS. SOC and SOC2 are a set of standards created by the American Institute of Certified Public Accountants (AICPA) that provide an assessment of a company’s cybersecurity controls.
Components of Physical Access Control Systems
Access control systems can effectively integrate with a variety of equipment. Still, a physical ACS has four fundamental elements:
- Access control barrier
- An electronic device for identification and verification
- A panel that manages the access control barrier
- A structure that connects and communicates with these components and links the ACS with reaction elements
Access control barriers are physical devices that could be drop or wedge arm barriers, turnstiles, portals or facilities for guards. Verification equipment might be a card reader or biometric scanner, which could examine an individual's retina or fingerprints. Reaction elements are alarms that notify through audible or visual means when an unauthorized entry has occurred.
Types of Logical Access Control
Logical access control systems can be categorized as one of the four models below:
Equipment Categories
Controlled access systems use the following four technologies and equipment as physical security measures:
- Physical control: Physical access control can occur within a building, but also can start a distance away outside of a facility’s perimeter to control vehicular traffic or attempts to enter using barriers or guard stations, for example.
- Cipher and tokens systems: Cipher lock systems require that a person enter a multi-digit code to proceed through the door of a protected area. Tokens are electronic or mechanical portable devices, ID cards or key fobs that a token reader examines electronically, or a security guard authenticates.
- Biometric systems: This type of access control system uses biometrics for access authorization. Examples of this access control technology include signature dynamics, facial recognition, vein geometry or fingerprint recognition, among others.
- Assistive technologies: An ACS using this alternative technology gives persons with disabilities or any special needs the ability to engage in the access control process.
Identification and Authentication
The identity of a user determines what permissions the subject has been given. Users requesting physical or logical access to protected resources or areas need to first be identified as having the proper clearance to do so. Factors for authentication can include something a person is (characteristics), such as biometrics, something a person has (ownership), such as a key or access card, and something a person knows (knowledge), like a PIN or password. Having a PIN-based authentication is the least expensive but also the least secure. An access card is secure but can be quite costly. Using biometrics is expensive too, but it is the safest of all the options.