Access Control

In: Computers and Technology

Submitted By ductrung8184
Words 304
Pages 2
Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system with layered defense-in-depth protection.

Instructions:
For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls (listed after the scenarios) for the given scenario and justify your recommendation.

Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail.

Access Controls * Administrative controls: Policies approved by management and passed down to staff, such as policies on password length. 4 * Logical/technical controls: Control access to a computer system or network, such as a username and password combination. 3 * Hardware controls: Equipment that checks and validates IDs, such as a smart-card for or security token for multifactor authentication. 2 * Software controls: Controls embedded in operating system and application…...

Similar Documents

Access Control

...ACCESS CONTROL SYSTEM BY name SYSTEM ANALYSIS AND DESIGN – CIS210 Professor Ntinglet-Davis, Ed. D. Case Study 1 30 October, 2012 The purpose of this paper is to discuss installing an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system.  The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Project Title: Install Access Control System in Hall of TC CARRINGTON dormitory Project Justification: To increase the security and integrity of dormitory access at Southern Maryland Community College, one dormitory has been set up as a test site for the newly access control system (ACS). According to Germain (2011), an “access control system allows you to monitor when people enter and exit access control systems help to keep unauthorized people out, while providing flawless access to those who are authorized to be there” (para. 1). Project Scope: Install entry access system to dormitory using current security system. Project Deliverables: Scope Statement: The purpose of this project is to install an ACS in the Hall of TC CARRINGTON dormitory on the campus of Southern Maryland Community College located at 1010 Anywhere Ln, Waldorf MD, 20000. The ACS will automatically unlock the dormitory doors via an electronic proximity reader. The electronic proximity......

Words: 523 - Pages: 3

Access Control

...SOCIALISM Student Edward Hawkins Instructor: Professor Muhammed Sohna SOC300 – Sociology of Developing Countries May 5, 2013 SOCIALISM Definition Socialism – Socialism is a political term applied to an economic system in which property us held in common and not individually, and relationships are governed by a political hierarchy. Common ownership doesn’t mean decisions are made collectively, however. Instead, individuals in positions of authority make decisions in the name of the collective group. Also, socialism is a social and economic doctrine that calls for public rather than private ownership or control of property and natural resources. History The history of socialism has its origins in the French Revolution of 1789 and the changes brought about by the Industrial Revolution, although it has its precedents in earlier movements and ideas. The Communist Manifesto was written by Karl Marx and Friedrich Engels in 1848 just before the Revolutions of 1848 swept Europe, expressing what they termed ‘scientific socialism’. In the last third of the 19th century in Europe social democratic parties arose in Europe drawing mainly from Marxism. The Australian Labor Party was the world’s first elected socialist party when the party won the 1899 Queensland state election. In the first half of the twentieth century, the Soviet Uniion and the Communist parties of the Third International Around the world mainly came to represent socialism in......

Words: 733 - Pages: 3

Access Control

...an access control system for entry into a dormitory. This will include analysis and design, which involves the creation of various design documents. Following this, the system will be developed. In this stage, any development requirements will be completed. This may involve the development of a database system or modification of a commercial off the shelf system. During the integration phase, the physical installation of the system will occur. This is followed by testing. Once testing has been completed, the major project scope ends and the project enters into a maintenance phase. Major Tasks There will be five major tasks in this project, including: 1. Analysis and Design a. Design Documentation i. With this task, documentation is written up to describe the work that needs to be completed. This documentation is reviewed by all stake holders to ensure that the requirements are have been accurately conveyed and understood. b. Design Models i. With this task, flow charts and/or use case are created to describe the functionality. These documents are of particular importance to members of the project team, as they provide a model for the actual system 2. Development a. Database i. Depending on the results of the analysis and design task, either a custom or a commercial off the shelf system will be used. This system will require development or customizations to meet specific needs. b. Interface i. An interface is required to view access......

Words: 479 - Pages: 2

Access Controls

...Exercise 3: Access Controls Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. For this scenario, I would implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones. I would again implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate smartphones and email. Many employees work from home and travel extensively. Software controls for computers and smartphones, but I would also apply Logical/technical controls to provent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and email. I would apply Physical controls to protect the parts as well as Software controls for the smartphone and email use. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000......

Words: 291 - Pages: 2

Access Controls

...NT2580 Unit 3 Access Controls 1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Administrative and Logical/technical would be recommended for this company. They would only require a basic yet secure system for their small network. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. Administrative and Logical/technical is recommended for this company. Being a small company, basic things are needed. With the network secured with strong passwords and the communication on smartphones, this is all they need. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. Administrative, Logical/technical, Hardware and Software are recommended for this company. With the size of the company, they need many rules set to maintain security. With communication through email and extensive travel, they also need to be secured. Traveling is a risk because they might leave sensitive things behind, security ensures nothing is revealed. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Software and physical are recommended for this company. Since they......

Words: 335 - Pages: 2

Access Control

...a small construction company consisting of 12 computers that have internet access. DAC works best in this situation because it is a small company with few computers. Computer use would be limited because all work completed is done manually. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. MAC would work best for this company because of the type of work completed and how employees communicate. All work is completed online and the owner can distribute permissions easily. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Nondiscretionary Access Control works best for this company because of the amount of computers, employees, servers and type of work. The security admin is the only person that can handle this large of company. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Rule-Based Access is needed for this company because there are many employees with a variety of items sold. The system admin can decide different access levels to each department and user. 5. Confidential Services Inc. is a military-support branch consisting of 14 million computers with internet access and 250K servers. All employees must have security clearances, and they......

Words: 311 - Pages: 2

Access Controls

...Remote access control policy definition Richman Investments firm Remote access control policy The following is the firm remote access control policy. The policy will be listing the appropriate access controls for systems, applications and data access. We will be providing a description on each type of access. It is our mission to preserve and protect the Confidentiality, Availability and Integrity of our Firms Information System. 1. Systems Access Control. A. Users are required to use a user ID with password and smart card for accessibility. B. Remote Users are required to use a user ID with password and software token for accessibility. C. All users most change user password every 30 days. D. Users will only have access to their branch office. E. User’s logins will be recorded. F. Only authorized users will be allowed access to their respected system. G. Management users will have access to their own branch office and also to Head Quarters office. H. Desk top, mobile and wireless devices most be loaded with up to date firm ware, OS software and patches. 2. Application Access Control. A. Users will be assigned rights to use individual application. B. Users will have to use first and second layer of authentication to gain access to their application. C. Users will be recorded using application. D. IT Administration is responsible for running monthly application test. E. Applications will be tested for......

Words: 383 - Pages: 2

Access Control System

...Overview of the Project Building an Access Control System in a dormitory of small college Purpose of the Project The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system.  The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Work Includes A. Furnish and install all equipment and materials in accordance with these specifications and drawings to provide a complete and operating Door Access Control System. B. The scope of work for the Access Control and Security System shall include to providing the following: 1. Local control panels within the SER. 2. Card readers. 3. Magnetic door locks. 4. Exit push button. 5. PTZ camera. C. The scope of work for the software shall include to providing the following: 1. Install Software in the computer within the SER (computer, printer provide by owner) 2. Train the owner or who represent the company of how to use the software and add identification card to the system. Project process * The typical access control system consists of a control panel, PC, Software card/ pin reader, electromagnetic lock or door strike, power supply system and a push button. * The valid and authorized card user must present the card to the security system. * Upon verification by the reader, the locking system will be reenergized and the door can be pushed open. * To exit the...

Words: 512 - Pages: 3

Access Control

...In computer security, access control includes authentication, authorization and accountability. In access control models, the human users or software which execute actions are defined as subjects; while the resources or whatever which are intended to be protected from illegal access are designated objects. Authentication is the process of verifying the credential provider claiming who he or she is. Before a subject open an account in online retailers or financial service firms, there is an initial step knew as identity proofing. That is, the subject must provide enough information to assert who you are. Right now there are three kinds of identity proofing , from simple to complex but with security assurance ascending. They are showed as follow: 1. Classic knowledge-based authentication (KBA), such as simple questions of “what is your favorite fruit”, which is easy to guess and the same to fraud. 2. Dynamic KBA. Instead of raise up questions predefined by the subject, the system generates questions on the fly based on the information in a subject’s personal aggregated data file from public records. To initiate the dynamic KBA, basic identification factors, such as name, address and date of birth must be provided by the subject. 3. Out-of-band proofing, which verify identity through other means such as SMS or a phone call rather than web channel. The credential used to identify the subject includes: 1. Something the subject knows, such as Personal Information Number......

Words: 524 - Pages: 3

Access Control

...PROJECT’S RISK STATUS THROUGHOUT THE LIFECYCLE AS WELL AS HOW THIS STATUS WILL BE REPORTED TO THE STAKEHOLDERS/ MANAGEMENT.] Risks will be assigned a risk owner(s) who will track, monitor and control and report on the status and effectiveness of each risk response action to the Project Manager and Risk Management Team on a . A “Top 10 Risk List” will be maintained by the PM/Risk Manager or IPT and will be reported as a component of the project status reporting process for this project. All project change requests will be analyzed for their possible impact to the project risks. As Risk Events occur, the list will be re-prioritized during weekly reviews and risk management plan will reflect any and all changes to the risk lists including secondary and residual risks. Management will be notified of important changes to risk status as a component to the Executive Project Status Report. [State timeframe, i.e., every two weeks] The Risk Manager (PM) will: • Review, reevaluate, and modify the probability and impact for each risk item [timeframe, as needed, every two weeks, etc.] • Analyze any new risks that are identified and add these items to the risk list (or risk database). • Monitor and control risks that have been identified • Review and update the top ten risk list [timeframe, as needed, every two weeks, etc.] • Escalate issues/ problems to management [List factors that......

Words: 2398 - Pages: 10

Access Control

...construction company consisting of 12 computers that have Internet access. For this scenario, I would implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones. I would again implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate smartphones and email. Many employees work from home and travel extensively. Software controls for computers and smartphones, but I would also apply Logical/technical controls to provent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and email. I would apply Physical controls to protect the parts as well as Software controls for the smartphone and email use. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have......

Words: 287 - Pages: 2

Access Control

...Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing. Any NAC deployment must start by answering three critical questions: 1) What is my access control policy? 2) What are the access methods (such as LAN, wireless, or VPN) I want to protect? 3) How will this integrate with my existing infrastructure? Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points). Getting Started with Network Access Control What is my access control policy? NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same---trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is important to define your access......

Words: 1611 - Pages: 7

Access Controls

...In scenario one, I would think that one of the most important would be software controls so that you know what your employees of such a small business are doing. You would want to make sure that they are being productive and not taking out any of your customers’ sensitive information. Most likely you would store your vendor’s information, purchase orders, and customer’s information. This might include account numbers, or contact information that you wouldn’t want just anyone to get a hold of. Therefore you wouldn’t want to allow anyone to cause you to lose this information by causing your network to get a virus. Even more simpler than that would be due to the fact you are as small as you are, you most likely don’t have a administrator present all the time, and would have to contract out someone to come fix the network if some sort of attack was caused by loading unapproved software onto the system. In scenario two, I believe that you would have similar needs of above, but also would want to have some more in depth administrative controls on the smartphone side of business. You wouldn’t want someone to have something unprofessional on the voice mail of the phone, or even downloading applications that would allow the company to lose money in wages from employees not utilizing the resources that are given properly. In scenario three, you would want emphasize on the physical end of the security. I believe this because with 120,000 computers and 45,000 servers, you have...

Words: 487 - Pages: 2

Access Control Policy

... Access Control Policy Student Name: Christopher Waller University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Romel Llarena Date: May 13, 2012 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems 1 Authentication Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on. Authentication credentials really help control access to sensitive data or systems by making it literally to get unauthorized access to them. Passwords and usernames are a good way to start because if you use those rights then these are hard to bypass, but multifactor authentication is a more efficient way for secure access. Triple authentication requires something you have, something you know, and something you are such as a keycard, password and a fingerprint. 2 Access control strategy 1 Discretionary access control Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that......

Words: 526 - Pages: 3

Access Control

...Running head: Dormitory Access Control Case Study: Dormitory Access Control Elizabeth Koch CIS 210 Dr Lopez Abstract As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system.  The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door.  Create a 3-4 page project plan for this project in which you: Project Scope Statement The Information Security team at Small University has been given the project to install an access control system (ACS) from Dynamics Security in a dormitory. The ACS will automatically unlock the doors via an electronic proximity reader and integrate with an existing security camera system. The existing cameras are designed to face and rotate to record a person as they use their identification card to unlock the doors. For this reason, the system will be designed in a way that the user will have three chances to unlock the door, if the user fails to unlock the door on the third attempt, then the alarm will go off. The ACS will also be designed to allow the security administrator to make changed for the ACS operations. These changes will be the camera positions, setting the alarm time, and setting the time the dormitory doors will lock. ...

Words: 755 - Pages: 4

BDRipVF Hôtel Transylvanie | Jean Smart | 战神之怒iphone/ipad版