*4.4.4 Authorization and access control*

Authorization policies define access capabilities for groups and entities. Access controls, sometimes referred to as permissions or privileges, are mitigating controls that enforce authorization. As such, access controls lower the probability of unauthorized access, which could cause loss of data integrity, confidentiality, and availability. How effectively unauthorized access is reduced depends on the correctness of the access control decisions and the strength of access control enforcement. The current OWASP Testing Framework [31] promotes the testing of four key elements in this security area: "Testing Directory Traversal File Include, Testing for Bypassing Authorization Schema, Testing for Privilege Escalation, Testing for Insecure Direct Object References."
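The following Python example is added here for illustration and is not code from the chapter or from OWASP. It separates a deny-by-default access decision from its enforcement and checks both against the four test areas quoted above; the roles, permissions, record identifiers, units and document root are constructed assumptions.

```python
import posixpath

# Constructed sample policy data (hypothetical roles, records and paths).
ROLE_PERMS = {
    "clinician": {"record:read", "record:write"},
    "billing": {"record:read"},
    "admin": {"record:read", "record:write", "user:manage"},
}
RECORD_UNIT = {"r-100": "cardiology", "r-200": "oncology"}
DOC_ROOT = "/srv/portal/docs"


def decide(user, action, record_id=None):
    """Access decision: deny unless every condition is satisfied."""
    if user is None:                                        # no authenticated subject
        return False
    if action not in ROLE_PERMS.get(user.get("role"), set()):  # role lacks the privilege
        return False
    if record_id is not None:                               # object must belong to the user's unit
        return RECORD_UNIT.get(record_id) == user.get("unit")
    return True


def resolve_document(requested):
    """Enforcement for file access: refuse any path that leaves DOC_ROOT."""
    full = posixpath.normpath(posixpath.join(DOC_ROOT, requested))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        raise PermissionError("path escapes document root")
    return full


def run_checks():
    """Return the test areas in which access was wrongly granted."""
    nurse = {"role": "clinician", "unit": "cardiology"}
    clerk = {"role": "billing", "unit": "cardiology"}
    failures = []
    if decide(None, "record:read", "r-100"):
        failures.append("bypassing authorization schema")
    if decide(clerk, "record:write", "r-100") or decide(nurse, "user:manage"):
        failures.append("privilege escalation")
    if decide(nurse, "record:read", "r-200"):
        failures.append("insecure direct object reference")
    try:
        resolve_document("../../../etc/passwd")
        failures.append("directory traversal / file include")
    except PermissionError:
        pass
    return failures
```

An empty list from `run_checks()` means every negative case was denied; any entry names the test area where the decision or its enforcement failed.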

*Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework DOI: http://dx.doi.org/10.5772/intechopen.96456*
