Key Area 3: Access Control (AC)
The most secure system is one that is never turned on, one that is never loaded with data, and one that no one can access.
Since security priorities do not govern organizations, we need to consider access control a high priority and focus on the following areas:
- Account management
- Least privilege
- Separation of duties
- Wireless access restrictions
- Remote Access
- Information flow enforcement