During your first week as an Information Systems Security director, you met with the Chief Information Officer (CIO). During the meeting, he revealed to you his deep concerns regarding the security features that control how users and systems communicate and interact with other systems and resources. The CIO asks you to develop access control in a well-organized and appropriately documented program. The program and measures that your company’s senior managers will implement must be properly designed and put into policy.
One common approach to designing access control is to use categories of access controls to effectively document and communicate policy to the user community. These controls can logically prevent users from violating policy. They can also determine when violations have occurred and take action when violations take place. Finally, these controls can dictate how the organization will return to normal conditions after violations take place.
Assignment 2: Access Control Program
- In section 1, describe the seven primary categories of access controls system options managers may choose to implement. Include a description of each control and explain a situation for when the manager would choose the control for implementation.
- The CIO is very concerned about suspicious network activity. In section 2, describe the technical or logical controls managers would implement to detect when suspicious activity occurs on a network and report this to administrators.
- Additionally, many senior executives are concerned that the IT systems may not be able to handle incidents. In section 3, describe which access control category you would recommend managers to implement for catastrophic incidents.
- In section 4, the access control categories discussed in the previous sections serve to classify different access control methods based on where they fit into the access control time continuum. However, another way to classify and categorize access controls is by their method of implementation. For any of the access control categories, the controls in those categories can be implemented in one of three ways: Administrative, Logical, or Physical. Explain each access control type and provide implementation recommendations for managers.
While there is not a specific page requirement for this assignment, students are required to fully develop ideas and answer questions to the point that no further questions are left in the mind of the reader. If the instructor can clearly find the answers to their questions, the ideas within the report are fully developed. If there are unanswered or under-answered questions, further development of the report is required.
Keep the following in mind:
- More words do not necessarily indicate more meaning.
- When an employee is tasked with a project in the workplace that requires a report, the report should fully answer all the questions needing to be answered. In this school environment, students are learning how to prepare such documents.
- Consider your audience. Although instructors are very knowledgeable on the subject matter, they need to verify that the student has absorbed the material through a written report. Students should therefore write to an audience of a co-worker or classmate who does not know the answers to the questions posed.
- For students who are more comfortable with more specific guidelines, ideas can generally be developed in one to three paragraphs. The goal of writing in this class is to demonstrate what you have learned.