WEEK 3 & 4

Previously we have learned about general information security concepts which talks about security principles, access controls, types of authentication etc. For this week, the topic is all about security being enforced or operated by an organization. In every social group, there are always rules which guides us to do what is ought to be right and prevent us from committing what is wrong or deviant. The same thing goes with different organizations of different sizes, aspects, and roles in the society. In an organization it is vital to know their vulnerabilities or weaknesses so that they may address it by establishing the corresponding security mechanisms to mitigate possible threats. Members of the organization may be given various types of authorization to gain access to something depending on their standing in the organizational chart. This policy being enforced is called a Group policy. Also, members who belong in the top-level management have specific privileges which is restricted only to them. This is referred to as the Logical Access Controls which determines who should be authorized to do something. Other concepts such as time of the day restrictions, use policies, change management, and classification of information all contribute to the organization's security, safety and integrity.