(1) The ability to physically or logically enter or make use of an IT system or area (secured or unsecured.) The process of interacting with a system. (2) The controlled ability or right to obtain, retrieve, alter, destroy, duplicate, copy, scan, photograph, use, examine, print, read, enter, exit, communicate with, and/or view systems or information stored in any media including but not limited to paper, x-ray, film, a computer’s memory, and electronic media such as an internal or external hard drive, a backup tape, or a USB (Universal Serial Bus) stick. For assessments, this term may refer directly to scoped target data or systems. This term includes virtual, digital, and physical access. Source: FFIEC IT Examination Handbook, Information Security. 2021. https://ithandbook.ffiec.gov/glossary.aspx
