Unit 3 Assignment 1: Remote Access Control Policy Definition

Richman Investments has decided to expand its business. We have been given its new growth projections of 10,000 employees in 20 countries, with 5,000 located within the U.S. Richman has also established eight branch offices located throughout the U.S. and has designated Phoenix, AZ as the main headquarters. With this scenario, I intend to design a remote access control policy for all systems, applications and data access within Richman Investments. With so many different access control models to choose from, it is my assessment that choosing only one model would not be appropriate for Richman Investments. My recommendation is a combination of multiple access control models that overlap to provide maximum coverage and overall security. Here are my suggestions for access controls.
The first is Role Based Access Control (RBAC), which will work well with the Non-Discretionary Access Control model detailed in the next paragraph. RBAC is defined as setting permissions or granting access to a group of people with the same job roles or responsibilities. With many different locations and many different users, it is important to identify the different users and different workstations within this network. Every effort should be dedicated towards preventing users from accessing information they should not have access to.
Non-Discretionary Access Control is defined as controls that are monitored by a security administrator. While RBAC identifies those with permissions, it is the security administrator who should further identify the level of access for each role that is created. The security administrator should also designate which users or workstations have access to the information available within the network. Rule Based Access Control can also be linked to the first two models detailed in this paper (RBAC and Non-Discretionary), and is similar to RBAC. Rule Based Access Control is a set of rules to determine which users have access to



References: Kim, D., & Solomon, M. G. (2012). Fundamentals of Information Systems Security. Sudbury: Jones & Bartlett Learning.
