Access Control Methods for Companies

In: Computers and Technology

Submitted By nadida1202
Words 597
Pages 3
HOMEWORK #3
PART B

1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access.
For this scenario, I would implement Discretionary/Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers and with Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems. Which is appropriate for the company because they are desktop dependant. This allows for enforcement of a good security policy. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones.
For this scenario I would implement Role Based/ Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used. Role Based controls would be appropriate because with different departments you want to make sure that permissions are granted only to those employees who the permissions are assigned. This allows for enforcement of a good security policy.

3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate smartphones and email. Many employees work from home and travel extensively.
Software controls for computers and smartphones, but I would also apply Logical/technical controls to prevent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in. Mandadory Access Control would be the other Access Control to be used. Mandatory Access Control secures information by assigning security levels to information and security clearances to users. The…...

Similar Documents

Access Control

...ACCESS CONTROL SYSTEM BY name SYSTEM ANALYSIS AND DESIGN – CIS210 Professor Ntinglet-Davis, Ed. D. Case Study 1 30 October, 2012 The purpose of this paper is to discuss installing an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system.  The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Project Title: Install Access Control System in Hall of TC CARRINGTON dormitory Project Justification: To increase the security and integrity of dormitory access at Southern Maryland Community College, one dormitory has been set up as a test site for the newly access control system (ACS). According to Germain (2011), an “access control system allows you to monitor when people enter and exit access control systems help to keep unauthorized people out, while providing flawless access to those who are authorized to be there” (para. 1). Project Scope: Install entry access system to dormitory using current security system. Project Deliverables: Scope Statement: The purpose of this project is to install an ACS in the Hall of TC CARRINGTON dormitory on the campus of Southern Maryland Community College located at 1010 Anywhere Ln, Waldorf MD, 20000. The ACS will automatically unlock the dormitory doors via an electronic proximity reader. The electronic proximity......

Words: 523 - Pages: 3

Access Control

...SOCIALISM Student Edward Hawkins Instructor: Professor Muhammed Sohna SOC300 – Sociology of Developing Countries May 5, 2013 SOCIALISM Definition Socialism – Socialism is a political term applied to an economic system in which property us held in common and not individually, and relationships are governed by a political hierarchy. Common ownership doesn’t mean decisions are made collectively, however. Instead, individuals in positions of authority make decisions in the name of the collective group. Also, socialism is a social and economic doctrine that calls for public rather than private ownership or control of property and natural resources. History The history of socialism has its origins in the French Revolution of 1789 and the changes brought about by the Industrial Revolution, although it has its precedents in earlier movements and ideas. The Communist Manifesto was written by Karl Marx and Friedrich Engels in 1848 just before the Revolutions of 1848 swept Europe, expressing what they termed ‘scientific socialism’. In the last third of the 19th century in Europe social democratic parties arose in Europe drawing mainly from Marxism. The Australian Labor Party was the world’s first elected socialist party when the party won the 1899 Queensland state election. In the first half of the twentieth century, the Soviet Uniion and the Communist parties of the Third International Around the world mainly came to represent socialism in......

Words: 733 - Pages: 3

Access Control

...an access control system for entry into a dormitory. This will include analysis and design, which involves the creation of various design documents. Following this, the system will be developed. In this stage, any development requirements will be completed. This may involve the development of a database system or modification of a commercial off the shelf system. During the integration phase, the physical installation of the system will occur. This is followed by testing. Once testing has been completed, the major project scope ends and the project enters into a maintenance phase. Major Tasks There will be five major tasks in this project, including: 1. Analysis and Design a. Design Documentation i. With this task, documentation is written up to describe the work that needs to be completed. This documentation is reviewed by all stake holders to ensure that the requirements are have been accurately conveyed and understood. b. Design Models i. With this task, flow charts and/or use case are created to describe the functionality. These documents are of particular importance to members of the project team, as they provide a model for the actual system 2. Development a. Database i. Depending on the results of the analysis and design task, either a custom or a commercial off the shelf system will be used. This system will require development or customizations to meet specific needs. b. Interface i. An interface is required to view access......

Words: 479 - Pages: 2

Access Controls

...Exercise 3: Access Controls Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. For this scenario, I would implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones. I would again implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate smartphones and email. Many employees work from home and travel extensively. Software controls for computers and smartphones, but I would also apply Logical/technical controls to provent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and email. I would apply Physical controls to protect the parts as well as Software controls for the smartphone and email use. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000......

Words: 291 - Pages: 2

Access Controls

...NT2580 Unit 3 Access Controls 1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Administrative and Logical/technical would be recommended for this company. They would only require a basic yet secure system for their small network. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. Administrative and Logical/technical is recommended for this company. Being a small company, basic things are needed. With the network secured with strong passwords and the communication on smartphones, this is all they need. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. Administrative, Logical/technical, Hardware and Software are recommended for this company. With the size of the company, they need many rules set to maintain security. With communication through email and extensive travel, they also need to be secured. Traveling is a risk because they might leave sensitive things behind, security ensures nothing is revealed. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Software and physical are recommended for this company. Since they......

Words: 335 - Pages: 2

Access Control

...1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. DAC works best in this situation because it is a small company with few computers. Computer use would be limited because all work completed is done manually. 2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smartphones. MAC would work best for this company because of the type of work completed and how employees communicate. All work is completed online and the owner can distribute permissions easily. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Nondiscretionary Access Control works best for this company because of the amount of computers, employees, servers and type of work. The security admin is the only person that can handle this large of company. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. Rule-Based Access is needed for this company because there are many employees with a variety of items sold. The system admin can decide different access levels to each department and user. 5. Confidential Services Inc. is a military-support branch consisting of 14 million computers with internet access and 250K servers. All employees must have......

Words: 311 - Pages: 2

Access Control

...Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system with layered defense-in-depth protection. Instructions: For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls (listed after the scenarios) for the given scenario and justify your recommendation. Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail. Access Controls * Administrative controls: Policies approved by management and passed down to......

Words: 304 - Pages: 2

Access Controls

...Remote access control policy definition Richman Investments firm Remote access control policy The following is the firm remote access control policy. The policy will be listing the appropriate access controls for systems, applications and data access. We will be providing a description on each type of access. It is our mission to preserve and protect the Confidentiality, Availability and Integrity of our Firms Information System. 1. Systems Access Control. A. Users are required to use a user ID with password and smart card for accessibility. B. Remote Users are required to use a user ID with password and software token for accessibility. C. All users most change user password every 30 days. D. Users will only have access to their branch office. E. User’s logins will be recorded. F. Only authorized users will be allowed access to their respected system. G. Management users will have access to their own branch office and also to Head Quarters office. H. Desk top, mobile and wireless devices most be loaded with up to date firm ware, OS software and patches. 2. Application Access Control. A. Users will be assigned rights to use individual application. B. Users will have to use first and second layer of authentication to gain access to their application. C. Users will be recorded using application. D. IT Administration is responsible for running monthly application test. E. Applications will be tested for......

Words: 383 - Pages: 2

Access Control

...In computer security, access control includes authentication, authorization and accountability. In access control models, the human users or software which execute actions are defined as subjects; while the resources or whatever which are intended to be protected from illegal access are designated objects. Authentication is the process of verifying the credential provider claiming who he or she is. Before a subject open an account in online retailers or financial service firms, there is an initial step knew as identity proofing. That is, the subject must provide enough information to assert who you are. Right now there are three kinds of identity proofing , from simple to complex but with security assurance ascending. They are showed as follow: 1. Classic knowledge-based authentication (KBA), such as simple questions of “what is your favorite fruit”, which is easy to guess and the same to fraud. 2. Dynamic KBA. Instead of raise up questions predefined by the subject, the system generates questions on the fly based on the information in a subject’s personal aggregated data file from public records. To initiate the dynamic KBA, basic identification factors, such as name, address and date of birth must be provided by the subject. 3. Out-of-band proofing, which verify identity through other means such as SMS or a phone call rather than web channel. The credential used to identify the subject includes: 1. Something the subject knows, such as Personal Information Number......

Words: 524 - Pages: 3

Access Control

... |Approved |Approval |Description of | |Number |By |Date |By |Date |Change | | | | | | | | | | | | | | | TABLE OF CONTENTS 1.0 INTRODUCTION 4 1.1 Purpose Of The Risk Management Plan 4 2.0 risk management Procedure 4 2.1 Process 4 2.2 ROLES AND RESPONSIBILITIES 4 2.3 Risk Identification 5 2.3.1 Methods for Risk Identification 5 2.4 Risk Analysis 6 2.4.1 Qualitative Risk Analysis 6 2.4.2 Quantitative Risk Analysis 6 2.5 Risk Response Planning 6 2.6 Risk Monitoring, Controlling, And Reporting 7 2.7 Risk Contingency Budgeting 8 3.0 Tools And Practices 8 4.0 Closing a Risk 8 5.0 Lessons Learned 9 Appendix A: Risk Management Plan Approval 10 APPENDIX B: REFERENCES 11 APPENDIX C: KEY TERMS 12 INTRODUCTION 1 PURPOSE OF THE RISK MANAGEMENT PLAN A RISK IS AN EVENT OR CONDITION THAT, IF IT OCCURS, COULD HAVE A POSITIVE OR NEGATIVE EFFECT ON A PROJECT’S OBJECTIVES. RISK MANAGEMENT IS THE PROCESS OF IDENTIFYING, ASSESSING, RESPONDING TO, MONITORING AND CONTROLLING, AND......

Words: 2398 - Pages: 10

Access Control

...Shingles is a small construction company consisting of 12 computers that have Internet access. For this scenario, I would implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet Access. All employees communicate using smart phones. I would again implement Software controls. With software controls you can determine who has the appropriate permissions to access the 12 computers as well as the smartphones that will be used. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate smartphones and email. Many employees work from home and travel extensively. Software controls for computers and smartphones, but I would also apply Logical/technical controls to provent human error for when employees work from home. Also Physical controls to protect the room the servers will be placed in. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and email. I would apply Physical controls to protect the parts as well as Software controls for the smartphone and email use. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All......

Words: 287 - Pages: 2

Simple Access Control Policy

...1. Purpose This policy establishes the Access Control Policy for <Company>. <COMPANY> implements access controls across its networks, systems, and services in order to provide appropriate user access while ensuring proper security of data confidentiality, integrity, and availability. Human threats are the primary cause for a wide range of hazards to business systems and information. For this reason, access controls must be put in place to mitigate any possible threat. 2. Scope and Applicability The scope of this policy applies to all Information Technology resources owned and/or operated by <Company>. Any information not specifically identified as the property of other parties that is transmitted or stored on <COMPANY> IT resources is the property of <COMPANY>. All users, including <COMPANY> employees, contractors, vendors or others) of IT resources are held accountable for upholding this policy. The <COMPANY> external website and information contained within it is regarded as “Public” information, and is available to anyone inside or outside the company. 3. Standards Each user provided access to <Company> systems and data is provided this access on a least privilege and need-to-know basis. The corporation will use a combination of role-based access control, mandatory access control, and/or discretionary access control as appropriate in order to safeguard sensitive information. 4. Policy 4.1......

Words: 993 - Pages: 4

Access Control

...Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing. Any NAC deployment must start by answering three critical questions: 1) What is my access control policy? 2) What are the access methods (such as LAN, wireless, or VPN) I want to protect? 3) How will this integrate with my existing infrastructure? Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points). Getting Started with Network Access Control What is my access control policy? NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same---trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is important to define your access......

Words: 1611 - Pages: 7

Access Controls

...In scenario one, I would think that one of the most important would be software controls so that you know what your employees of such a small business are doing. You would want to make sure that they are being productive and not taking out any of your customers’ sensitive information. Most likely you would store your vendor’s information, purchase orders, and customer’s information. This might include account numbers, or contact information that you wouldn’t want just anyone to get a hold of. Therefore you wouldn’t want to allow anyone to cause you to lose this information by causing your network to get a virus. Even more simpler than that would be due to the fact you are as small as you are, you most likely don’t have a administrator present all the time, and would have to contract out someone to come fix the network if some sort of attack was caused by loading unapproved software onto the system. In scenario two, I believe that you would have similar needs of above, but also would want to have some more in depth administrative controls on the smartphone side of business. You wouldn’t want someone to have something unprofessional on the voice mail of the phone, or even downloading applications that would allow the company to lose money in wages from employees not utilizing the resources that are given properly. In scenario three, you would want emphasize on the physical end of the security. I believe this because with 120,000 computers and 45,000 servers, you have...

Words: 487 - Pages: 2

Access Control

...Running head: Dormitory Access Control Case Study: Dormitory Access Control Elizabeth Koch CIS 210 Dr Lopez Abstract As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system.  The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door.  Create a 3-4 page project plan for this project in which you: Project Scope Statement The Information Security team at Small University has been given the project to install an access control system (ACS) from Dynamics Security in a dormitory. The ACS will automatically unlock the doors via an electronic proximity reader and integrate with an existing security camera system. The existing cameras are designed to face and rotate to record a person as they use their identification card to unlock the doors. For this reason, the system will be designed in a way that the user will have three chances to unlock the door, if the user fails to unlock the door on the third attempt, then the alarm will go off. The ACS will also be designed to allow the security administrator to make changed for the ACS operations. These changes will be the camera positions, setting the alarm time, and setting the time the dormitory doors will lock. ...

Words: 755 - Pages: 4