I'm currently writing a module on Access Control Management and thinking about the differences between two AC paradigms, which would also be applicable to physical security design. I'll list the two paradigms and am asking for your thoughts about the advantages/disadvantages of either one over the other.
1. "Open-to-Closed": We start by considering the facility as being "wide open" - with FULL access to EVERYONE - and then we implement or "add" restrictions one by one to "lock down" the facility to eliminate all identified forms of unacceptable/disallowed access, based on the business purposes/uses of the facility.
2. "Closed-to-Open": Here, we start by considering the facility as being completely "locked down" - providing NO access to ANYONE - and then we remove restrictions one by one based on demonstrated need for access, until the access pattern permits all legitimate forms of access and activity as demanded by the business/usage purposes of the facility.
Some questions might be:
1. Do you think both paradigms would ultimately arrive at the same access control pattern, just from different directions, or do you think that the process of adding restrictions to a "FULL-OPEN" facility might result in a different access pattern than the process of removing restrictions from a "FULL-CLOSED" facility?
2. Do you think there would be a difference in the access control systems we might use or consider using if we used one paradigm rather than the other?
3. Do you think that one paradigm offers any advantage over the other in terms of avoiding "unintentional consequences" or "holes" in the access control system?
Any thoughts at all are appreciated!
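The two paradigms from the post, modelled as an added example that is not part of the original post: one rule set adds restrictions to an open baseline, the other removes restrictions from a closed baseline, and the script lists every request they decide differently. The roles, zones, shifts and rules are constructed for illustration; the differing requests are those neither rule set mentions, so each baseline's default decides them.

```python
from itertools import product

# Constructed sample facility: all names and rules here are assumptions.
ROLES = ["employee", "contractor", "visitor", "cleaner"]
ZONES = ["lobby", "office", "server_room", "loading_dock"]
SHIFTS = ["day", "night"]

# Open-to-closed: one restriction per *identified* unacceptable access.
DENY_RULES = [
    lambda r, z, s: r == "visitor" and z != "lobby",
    lambda r, z, s: z == "server_room" and r != "employee",
    lambda r, z, s: r == "contractor" and s == "night",
]

# Closed-to-open: one grant per *demonstrated* need for access.
ALLOW_RULES = [
    lambda r, z, s: z == "lobby" and s == "day",
    lambda r, z, s: r == "employee" and z in ("office", "server_room"),
    lambda r, z, s: r == "contractor" and z == "office" and s == "day",
    lambda r, z, s: r == "cleaner" and z == "office" and s == "night",
]


def open_to_closed(req):
    """Default allow: permitted unless some restriction matches."""
    return not any(rule(*req) for rule in DENY_RULES)


def closed_to_open(req):
    """Default deny: permitted only if some grant matches."""
    return any(rule(*req) for rule in ALLOW_RULES)


def divergence():
    """Return (allowed only when starting open, allowed only when starting closed)."""
    universe = list(product(ROLES, ZONES, SHIFTS))
    only_open = [q for q in universe if open_to_closed(q) and not closed_to_open(q)]
    only_closed = [q for q in universe if closed_to_open(q) and not open_to_closed(q)]
    return only_open, only_closed


if __name__ == "__main__":
    only_open, only_closed = divergence()
    print(f"allowed only under open-to-closed ({len(only_open)}):")
    for role, zone, shift in only_open:
        print(f"  {role:<10} {zone:<13} {shift}")
    print(f"allowed only under closed-to-open ({len(only_closed)}):")
    for role, zone, shift in only_closed:
        print(f"  {role:<10} {zone:<13} {shift}")
```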