Typically, system administrators at the top of organizational and governmental agencies ascertain which individuals or systems will be given access to information. The access control policy outlines the controls placed on both physical access to the computer system (that is, having locked access to where the system is stored) and to the software in order to limit access to computer networks and data. Access control policies provide details on controlling access to information and systems, with these topics typically covered at some length: the management of a number of key issues, including access control standards, user access, network access controls, operating system software controls, passwords, and higher-risk system access; giving access to files and documents and controlling remote user access; monitoring how the system is accessed and used; securing workstations left unattended and securing against unauthorized physical access; and restricting access.
RUSecure. RUSecure Information Security Policies. [Online, 2004.] RUSecure Interactive Security Policies Website. http://www.yourwindow.to/security-policies/ sosindex.htm.