Short Description: Allows ICT administrators to centrally configure and manage user and group access permissions to network resources, services, databases, applications and user devices. It also enables secure information exchange between different applications.

Full Description: In general, the information security services ICT Building Blocks uses a group of methods to intelligently control access to resources, enforce policies, secure information, and log/audit who has accessed what resource and for what purpose. When dealing with information security, there are several key capabilities that need to be considered. These capabilities can be implemented and leveraged at a local solution level, scaled up to an enterprise wide solution, or any combination in between. There are four key capabilities necessary to enable better management and use of electronic information so as to facilitate secure storage and the exchange of data between consumers, vendors and other organizations. This data exchange will need to be conducted in ways that safeguard the availability, integrity, confidentiality and accuracy of the information. Access management: Following identification and authentication of users, this ICT Building Blocks controls user access to resources within a system (country, network, enterprise or individual solution) by associating user rights and restrictions with the established identity. Cryptography and digital signatures: An essential part of any communication transmitted over an untrusted or insecure medium, including different types of networks and especially the Internet. Cryptography can serve many purposes, including: • Authentication – proving one’s identity • Privacy/confidentiality – ensuring only the intended message recipient can read the message • Integrity – ensuring that the message has not been altered in transit from the sender to the receiver • Non-repudiation – ensuring neither sender nor receiver cannot deny their actions on completion Logging, auditing and attribution: This provides traceability and documentary evidence of a sequence of actions. This process can and should contain actions such as system login, information access and system restarts, among many others. Single sign-on: Allows users who have different usernames and passwords for each application to authenticate themselves for multiple applications using the same sign-in credentials.

Other Names: Information security, Privacy, Access control

Key Digital Functionalities:

• Restriction of connection to only those devices and applications that have been functionalities certified as conforming to standards
• Filtering of credentials to allow only authorized systems and personnel to access and perform specific operations on data
• Anonymization of documents by removing personal identity information
• Encryption of data in storage or transmission to prevent illegal tapping or copying of information for parties other than the authentic destination
• Detection and restriction of normal and abnormal patterns in data access and operations

Examples of use in different sectors:

• Agriculture sector: 
  • SSL digital certificate-based payment gateway to enable financial transactions in agriculture eMarketplace
• Education sector: 
  • Multi-password management systems in schools for secure storage of passwords and sensitive data
• Health sector: 
  • SSL digital certificate-based permission for uploading digital documents to servers from client systems
  • Role-based access control in hospital information systems that prevents unauthorized persons from accessing content
  • HL7/DICOM messaging for transmission of anonymized data
  • MAC-id-based access control protocols for allowing only authorized machines to access or operate medical or financial records
  • ePayment applications verify the digital signature of the payer, or diagnostic tests check the digital signature of doctors for authenticating medical reports in insurance claims
  • Biometric passwords may be used for health workers accessing eLearning tools, patient data, etc via mobile devices and computers