What does access security include in the context of preventing unauthorized system changes?

Access security encompasses both physical and administrative controls to effectively prevent unauthorized system changes. Physical controls involve tangible barriers and measures, such as locks, security cameras, and access control systems, designed to restrict physical entry to sensitive areas where systems and data reside. This is crucial because unauthorized individuals gaining physical access could manipulate or damage the systems directly.

On the other hand, administrative controls include policies, procedures, and practices that govern how access to systems is managed. This encompasses employee training, authorization processes, and other management-level decisions that define who is allowed access to certain information and systems and under what circumstances. Together, these controls create a comprehensive approach to security, ensuring that both the physical environment and the administrative policies are in place to protect against unauthorized alterations to the system.

Relying solely on either physical or administrative controls would leave vulnerabilities, as physical access does not guarantee compliance with procedures, and administrative controls without physical restrictions may not prevent someone from making direct changes to the systems. Therefore, the integration of both types of controls is essential for a robust access security framework.