Preview

IS3230 Final Project Chris Wiginton

Powerful Essays
Open Document
Open Document
1356 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
IS3230 Final Project Chris Wiginton
IS3230 Access Control Proposal
Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: David Marquez
22 May, 2014

Proposal Statement
Integrated Distributors Incorporated (IDI) will establish specific requirements for protecting information and information systems against unauthorised access. IDI will effectively communicate the need for information and information system access control.
Purpose
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
Scope
This policy applies to all IDI Stakeholders, Committees, Departments, Partners, Employees of IDI (including system support staff with access to privileged administrative passwords), contractual third parties and agents of the Council with any form of access to IDI’s information and information systems.
Definition
Access control rules and procedures are required to regulate who can access IDI information resources or systems and the associated access privileges. This policy applies at all times and should be adhered to whenever accessing IDI information in any format, and on any device.
Risks
On occasion business information may be disclosed or accessed prematurely, accidentally or unlawfully. Individuals or companies, without the correct authorisation and clearance may intentionally or accidentally gain unauthorised access to

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Jennifer’s full time position as Sales would need Sales access for her primary position. She should only have By Position access to Accounts Payable when she is working that position. She would need Read Only for Shipping and Receiving in order provide customers with information on inventory availability. Neither of her positions should have required her to have full access to Shipping and Receiving.…

    • 252 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards to protecting the data in their information systems.…

    • 651 Words
    • 3 Pages
    Satisfactory Essays
  • Satisfactory Essays

    IS3230 Final Project

    • 687 Words
    • 2 Pages

    Integrated Distributors Incorporated is facing a lot of challenges. The IT infrastructure has a lot of outdated hardware and software in multiple locations. This greatly increases security risks and exposes confidentiality, integrity, and availability. Some network compromises have ensued due to the outdated hardware and software. Sensitive and strategic information has been leaked to the public and it is time we put an end to this.…

    • 687 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    Security implementation responsibilities focus on implementing the access controls and account management processes outlined in this Plan. The following positions are responsible for security implementation:…

    • 1211 Words
    • 5 Pages
    Powerful Essays
  • Better Essays

    SANS - Information Security Resources | Information Security Policy Templates |. (n.d.). Retrieved from http://www.sans.org/security-resources/policies/…

    • 4134 Words
    • 12 Pages
    Better Essays
  • Powerful Essays

    IS3340-Unit 2-Assignment 2

    • 1549 Words
    • 6 Pages

    vi. Each user and workforce member must ensure that their assigned User Identification is appropriately protected and only used for legitimate access to networks, systems, or applications. If a user or workforce members believes their user identification has been comprised, they must report that security incident to the appropriate Security Officer…

    • 1549 Words
    • 6 Pages
    Powerful Essays
  • Better Essays

    Tipton, H. F., & Krause, M. (n.d, n.d n.d). Access Control Principles and Objectives. Retrieved November 29, 2013, from cccure.org: https://www.cccure.org/Documents/HISM/003-006.html…

    • 1902 Words
    • 8 Pages
    Better Essays
  • Good Essays

    Implementing remote access will allow employees to telecommute which can bring down overhead costs and allow users the flexibility of accessing data outside of the office. In order to protect the data as well as users, audits and access control lists are to be implemented. Access Control allows the identity of the user to determine whether or not they are able to access certain file systems. In order for access control to work properly every user attempting to access the data will need to be entered into the system. Placing passwords on individual files will also provide an added layer of protection.…

    • 689 Words
    • 3 Pages
    Good Essays
  • Powerful Essays

    CMGT582 Wk2 IA

    • 1133 Words
    • 4 Pages

    This instruction obligates that “all information assurance (IA) and IA-enabled IT products incorporated into DOD information systems shall be configured in accordance with DOD approved security configuration guidelines”. This mandate provides that recommendations delineated in STIG checklists, will ensure DOD environments address those security requirements.…

    • 1133 Words
    • 4 Pages
    Powerful Essays
  • Powerful Essays

    FINAL Project IS3230

    • 1645 Words
    • 6 Pages

    type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules (aka policy) to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.…

    • 1645 Words
    • 6 Pages
    Powerful Essays
  • Satisfactory Essays

    Authorization Rules: Controls will be configured to ensure access is approved for only company/corporate employees. These controls will be set up based off of the position (job roles) of the employees to ensure they can only access what is required to allow them to perform their duties. The policy will include group membership policies as well as authority-level policies. The employee access will be assigned to the appropriate groups and authority- level policies.…

    • 328 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Information needs to be secure for a business so they usually would keep their important information stored in digital format. Information security management deals with digital data. Large businesses need to make good business decisions all the time so it is important that they are able to access their important information wherever and whenever they want, so this is why large business would usually use IT systems to store their information, but as the reliance on technology increases, so does the risk posed by the system failure and malicious attacks. So businesses IT policies should take into account of the frequent dangers to their information the business relies on. This relates to Asda as they have secure login identification, so when an employee from Asda logs onto the computer they needs to put their unique username and password and they will be able to access all their they are authorised to access. Asda may also have firewalls on their system to stop hackers getting onto their own personal network. Software Asda would consider is antivirus. This stops Asda’s system from getting…

    • 1048 Words
    • 5 Pages
    Good Essays
  • Good Essays

    Case Management System

    • 1115 Words
    • 5 Pages

    Distribution of Finance-Originating Documents: When disseminating records containing personally identifiable information (PII), Technicians must take reasonable precautions to prevent misuse of data. Under the Information Privacy Act, DMPO Personnel are required to ensure information is accurate, relevant, timely, complete and appropriate administrative, technical, and physical safeguards exist to ensure security and confidentiality of that information. Public Law 53-979, Information Privacy Act 1974.…

    • 1115 Words
    • 5 Pages
    Good Essays
  • Satisfactory Essays

    Access Control Models

    • 2490 Words
    • 10 Pages

    NT2580 Unit 3 Discussion 1: Access Control Models 10/01/2013 Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and…

    • 2490 Words
    • 10 Pages
    Satisfactory Essays
  • Powerful Essays

    Linux Security

    • 7689 Words
    • 31 Pages

    Contents 1. Introduction 1 1.1 Problem Statement 1 1.2 What Is Security? 1 1.3 OS Protection and Security 2 1.4 Assets and their Vulnerabilities 2 1.5 Protection 3 1.6 Intruders 3 1.7 Malicious Software 3 1.8 Trusted Systems 4 1.9 Protection and Security Design Principles 4 1.10 The Unix/Linux Security Model 5 1.10.1 Properties of the Unix Superuser 5 1.10.2 The Unix Security Model — Groups 6 1.10.3 Protection For Unix Files and Directories 6 1.10.4…

    • 7689 Words
    • 31 Pages
    Powerful Essays