Managing Access Controls

 

Complete a three to four-page report with APA cited references to support your work.

Part 1: For the scenarios that follow, identify the  data that would need to be protected. Recommend how you would implement  one or more of the access controls for the given scenario. Justify your  recommendations.

Scenarios:

  1. A small construction company consisting of 12 computers that have Internet access.
  2. A small advertising company consisting of 12 computers that have Internet access.
  3. All employees communicate using smartphones.
  4. A multinational IT services company consisting of 120,000 computers  that have Internet access and 45,000 servers. All employees communicate  using smartphones and e-mail. Many employees work from home and travel  extensively.
  5. A defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail.
  6. A military-support branch consisting of 14,000,000 computers with  Internet access and 250,000 servers. All employees must have security  clearances, and they communicate mainly using BlackBerry devices and  e-mail.

Part 2: Select an access control model that best  prevents unauthorized access for each of the five scenarios. Which types  of logical access controls should be used in each scenario? Justify  your recommendations.

  1. Access control models:
    1. Mandatory access controls
    2. Discretionary access controls
    3. Role-based access controls
    4. Rule-based access controls
    5. Content-dependent access controls
    6. Nondiscretionary access controls

  2. Access Controls

  1. Administrative controls: Policies approved by management and passed down to staff, such as policies on password length.
  2. Logical/technical controls: Control access to a computer system or network, such as a username and password combination
  3. Hardware controls: Equipment that checks and validates IDs, such as a  smart-card for or security token for multifactor authentication.
  4. Software controls: Controls embedded in operating system and application software, such as NTFS permissions.
  5. Physical controls: Control entry into buildings, parking lots, and protected areas, such as a lock on an office door.