Access Control Simulation
Ground Level
Upon entry the door was locked and a key card was required for this single point of entry. There were security cameras outside of the building. There was a dumpster outside that was not secured, which could allow anyone access to sensitive information. Locking the dumpster or placing it in a secured location would mitigate this risk. The receptionist did not ask me to verify my identity. The receptionist should be required to verify the identity of everyone entering building to prevent a person from entering the building that isn’t authorized. There was a security room with security personnel viewing the monitors. Office 1-1 had a post it note taped to computer monitor with names that could be passwords. Increased password security should be implemented to reduce the risk of someone hacking into a system. Both office 1-1 and 1-2 had fingerprint scanners, which increases access control. In office 1-2 there was an unattended paper shredder, which should be secured due to sensitive information. In the hallway there was a security camera and a utility box but the wire cabinet was not locked. As such, anyone can access the hardware inside. A lock should be installed to prevent unauthorized access to the hardware. Also in the hallway there was an Ethernet jack which allowed access to the internet. Controls should be put in place to require security access to logon to the network.
Floor 2
Cubicle 2-1 had a pre-approved offsite equipment request posted This should be secured to prevent an unauthorized person from stealing equipment. Both cubicle 2-1 and 2-2 had fingerprint scanners. Cubicle 2-3 had a locked file drawer and the computer was password protected as it locked after four attempts. Cubicle 2-4 did have a UPS but there was a flashdrive on the desk as well as login information on a post it note. Flashdrives should be encrypted and increased controls surrounding password/login information should be enforced. Password/login
Upon entry the door was locked and a key card was required for this single point of entry. There were security cameras outside of the building. There was a dumpster outside that was not secured, which could allow anyone access to sensitive information. Locking the dumpster or placing it in a secured location would mitigate this risk. The receptionist did not ask me to verify my identity. The receptionist should be required to verify the identity of everyone entering building to prevent a person from entering the building that isn’t authorized. There was a security room with security personnel viewing the monitors. Office 1-1 had a post it note taped to computer monitor with names that could be passwords. Increased password security should be implemented to reduce the risk of someone hacking into a system. Both office 1-1 and 1-2 had fingerprint scanners, which increases access control. In office 1-2 there was an unattended paper shredder, which should be secured due to sensitive information. In the hallway there was a security camera and a utility box but the wire cabinet was not locked. As such, anyone can access the hardware inside. A lock should be installed to prevent unauthorized access to the hardware. Also in the hallway there was an Ethernet jack which allowed access to the internet. Controls should be put in place to require security access to logon to the network.
Floor 2
Cubicle 2-1 had a pre-approved offsite equipment request posted This should be secured to prevent an unauthorized person from stealing equipment. Both cubicle 2-1 and 2-2 had fingerprint scanners. Cubicle 2-3 had a locked file drawer and the computer was password protected as it locked after four attempts. Cubicle 2-4 did have a UPS but there was a flashdrive on the desk as well as login information on a post it note. Flashdrives should be encrypted and increased controls surrounding password/login information should be enforced. Password/login