Many businesses today exchange goods, services, information and knowledge using network-enabled technologies. Within such business, the proper protection of confidential information is essential to achieve the desired benefits and mitigate the associated risks. Failure to adequately restrict access to critical business information from outsiders (intruders) may result in unauthorized knowledge and use of confidential information by inappropriate parties.
Access risk means that access to information (data or programs) will be inappropriately granted or refused. Unauthorized people may be able to access confidential information, while simultaneously, authorized people may be denied access. Access risk is pervasive – it includes information for any purpose.
Access risk focuses on the risks associated with inappropriate access to systems, data or information. It encompasses the risks of improper segregation of duties, risks related to the integrity of data and databases, and risks related to information confidentiality. Access risk can occur at any of the following:
- Network: This is the mechanism used to connect users with a processing environment. The access risk in this area is driven by the threat of inappropriate access to the network itself.
- Platform: This is the host computer system on which application systems and related data are stored and processed. The access risks in this area are driven by the risk of inappropriate access to a processing environment and the programs or data stored in that environment.
- Database: This is the collection of data organized to allow its contents to be easily accessed, managed, and updated. The access risk in this area is driven by the risk of inappropriate access to valuable information.
- Application System: These are the programs used to process information relevant to business processes. The access risk in this area is associated with inappropriate logical access to system resources.
- Physical: This means the unauthorized physical entry of an intruder to the system resources within an organization. The access risk in this area is associated with inappropriate physical access to critical information systems.
- Functional Access: This occurs within an application.
- Field-Level Access: This occurs within a function.
Learn more about external access risk by exploring these related resources on KnowledgeLeader: