Best Practices for Performing Ongoing Access Control System Assurance

Whether access control system assurance is done for regulatory compliance or simply because it is good business practice, there are some best practices to make the task more effective:

  • Follow a defined model: The C-I-A triad, five pillars of IA, and Parkerian hexad are all well-known and tested models of information assurance.
  • Use access controls to enforce IA: Regardless of which model you use, your organization should choose and develop access control systems that will enforce the key tenets of confidentiality, integrity, and availability.
  • Implement an IDS: An intrusion detection system is a key tool for recognizing and stopping an attack in progress.
  • Make audit trail analysis a priority: Log files and audit trails that are rarely analyzed are the digital equivalent of a paperweight. They are of limited use and take up a lot of space. Tools such as SIEMs make this task easier.
  • Implement an ongoing training policy: This will ensure that all personnel, not just security engineers, are aware of information assurance concepts and know how to recognize potentially important anomalies as they encounter them.

Following these best practices will help you implement information assurance within your organization.
