Page 25 - Demo


All rights reserved. Infringing the author's rights by copying or printing exposes the offender to legal liability.

B/1: Physical access controls: Provide security over tangible IT resources and include such things as locked doors, surveillance cameras, security guards, and fire detection and suppression equipment. They also include housing sensitive equipment, applications, and data away from environmental hazards such as flood plains, flight paths, or flammable liquid stores.

Physical Controls: Physical controls limit physical access and environmental damage to computer equipment and important documents.

B/1/1: Physical access. Only operators should be allowed unmonitored access to the computer center.

B/1/2: Environmental controls. The computer center should be equipped with a cooling and heating system to maintain a year-round constant level of temperature and humidity, and a fire-suppression system.

B/2: Logical access controls: Provide security over software and information embedded in the system and include such things as firewalls, encryption, login IDs, passwords, authorization tables, and computer activity logs.

B/2/1: Logical Controls: Controls that focus on authentication and authorization.

B/2/1/1: Authentication:
- The act of ensuring that the person attempting to access the system is in fact who he says he is.
- The most widespread means of achieving this is through the use of IDs and passwords.
- Authentication is the process of verifying who someone is.

B/2/1/2: Authorization: The practice of ensuring that, once in the system, the user can only access those programs and data elements necessary to his job duties.
- In many cases, users should be able to view the contents of some data fields but not be able to change them.
- Authorization is the process of verifying what specific applications, files, and data a user has access to.
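An added example, not part of the original page: the B/2/1 distinction in Python, with authentication by login ID and password followed by a default-deny authorization-table lookup that lets a user view a field without changing it, and an activity log entry for each decision. The login ID, password, role and field names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not reusable as passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: login ID, password, role and field names are illustrative.
_SALT = os.urandom(16)
USERS = {"ap_clerk": {"salt": _SALT, "hash": _hash("correct horse", _SALT), "role": "clerk"}}

# Authorization table: role -> data field -> actions permitted on that field.
AUTH_TABLE = {
    "clerk": {
        "vendor_name": {"view"},
        "invoice_amount": {"view", "change"},
        "bank_account": {"view"},  # may be viewed but not changed
    }
}

ACTIVITY_LOG = []  # computer activity log: one entry per access decision

def authenticate(login_id: str, password: str):
    """Authentication: is this person who they claim to be? Returns the role or None."""
    user = USERS.get(login_id)
    # Hash even for unknown IDs so response time does not reveal valid login IDs.
    salt = user["salt"] if user else b"\0" * 16
    candidate = _hash(password, salt)
    ok = user is not None and hmac.compare_digest(candidate, user["hash"])
    return user["role"] if ok else None

def authorize(role: str, field: str, action: str) -> bool:
    """Authorization: deny unless the table lists this action for this field."""
    return action in AUTH_TABLE.get(role, {}).get(field, set())

def request(login_id: str, password: str, field: str, action: str) -> str:
    """Run both checks in order and record the outcome in the activity log."""
    role = authenticate(login_id, password)
    if role is None:
        result = "not authenticated"
    elif not authorize(role, field, action):
        result = "not authorized"
    else:
        result = "granted"
    ACTIVITY_LOG.append((login_id, field, action, result))
    return result
```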
                                