Computer technology continues to advance toward a tiered decentralized world of distributed platforms for entering, processing, and retrieving information. Technological implementations are diverse and complex; however, all IT deployments should be protected from unauthorized usage utilizing suitable information asset access controls. Given IT interconnectivity, entities should also protect information assets from unauthorized manipulation to safeguard investments from risks associated with resource misuse. Consequently, information assets access control is typically viewed from two abstraction perspectives: physical and logical security.
Physical security provides tangible assets protection whether an item is at rest or in transit. Sub-categorically, information physical security involves reducing technological vulnerabilities, usually by limiting access to the buildings and rooms where information assets are housed, or by installing mechanical locks on devices. However, physical access controls should address not only the area containing hardware, but also wiring locations utilized to connect system elements, supporting services, backup media, and other items required for IT operational effectiveness.
Distinctively, logical security focuses on safeguarding intangible assets whether data is at rest or in transit. Logical access controls are the manual and electronic policies, procedures, and organizational structures deployed to safeguard symbolic objects. Essential elements for adequate logical access control are identification, authentication, authorization, and accountability.