Security of information, assets, and people is a desired objective. To reduce security risks, it is desirable to only expose authorization/access authority when a user needs it. For example, an employee may work an 8-hour day, yet his/her system access is available around the clock leaving the system unnecessarily vulnerable for 16 hours. In addition, the system shouldn't be left available when an employee is sick, on vacation, on leave, is working from home, at a customer site, at lunch, off on a holiday, running errands, etc. The ratio of need versus idle time drastically skews periods of vulnerability unnecessarily. Unfortunately, these off-peak hours may be considered an opportune time to compromise a system because fewer staff members/employees are present to notice and/or respond to breaches.
Sensitive information can be secured in part by managing access to such information, including access to electronic information, networks, devices associated with networks, and information systems associated therewith. Managing access can include, for example, requiring authentication or access credentials before allowing access to such information, networks, devices, and information systems. Further, many entities maintain security of their physical premises to secure physical assets, information, and people. Security of a physical premises can include, for example, requiring access credentials for access and monitoring the access of individuals to the physical premises. However, challenges can arise with regard to maintaining the security of information (e.g., electronic information), networks, associated devices, and information systems, while still facilitating access at the appropriate time to such information to those persons or entities that require it. Current approaches lack an effective solution for integrating physical access control and IT security to reduce security risks.