nt2580 week 3, assignment 3-1(2) (1)
TRANSCRIPT
-
5/21/2018 NT2580 Week 3, Assignment 3-1(2) (1)
1/4
Davonte Brown6-32-14Unit 3 assignment
ITT Technical Institute3825 West Cheyenne Avenue, Suite 600
North Las Veas, Neva!a 8"032
NT2580 Intro!uction to In#or$ation Security
Wee% 3, &nit 3 ' A((ro(riate Access Controls #or Syste$s, A((lications an! )ata Access
AssignmentUnit 3 Assignment 1: Remote Access Control Policy Definition
Learnin *+ectives an! *utco$es
You will learn how to design a remote access control policy definition for an ! infrastructure"
Assin$ent -e.uire$ents
#ichman nvestments is an investment and consulting firm" !he company wants to e$pand its %usiness operations %oth
the U"&" and in foreign countries" t intends to eventually have 1'(''' employees in 2' countries"
!he #ichman corporate head)uarters is located in *hoeni$( +ri,ona" urrently( there are eight %ranch offices in.
+tlanta( /eorgia
hicago( llinois
incinnati( 0hio
Denver( olorado
os +ngeles( alifornia
ontreal( anada
ew Yor ity( ew Yor
5ashington( D""
!he orth +merican offices have a total of (''' employees who use destops( mo%ile computers( and wireless device
!he *hoeni$ office has an nternet connection to all remote offices %ecause redundancy is e$tremely important to the
company" !here are several sensitive applications that all offices use" !he management from each office share applicat
information that is hosted at the corporate office"
Design a remote access control policy for #ichman using the appropriate access controls for systems( applications( and
data access" nclude the design and 7ustification for using the selected access controls for systems( applications( and d
access"
!28' ntro to nformation &ecurity *age 1 of 4 5ee 3( Unit 3&teve !odd
-
5/21/2018 NT2580 Week 3, Assignment 3-1(2) (1)
2/4
Davonte Brown6-32-14Unit 3 assignment-e.uire! -esources
one
Su+$ission -e.uire$ents
9ormat. icrosoft 5ord
9ont. !imes ew #oman( &i,e 12( Dou%le-&pace
itation &tyle. +*+ 6 v2
ength. 1:2 pages
Due By. 11.; * 11 0cto%er 2'13
Sel#/Assess$ent Chec%list
have correctly designed a remote access control policy for the given scenario"
have correctly selected appropriate access controls for systems( applications( and data access"
have included my 7ustification for using the selected access controls for systems( applications( and data acces
Role Base access Control or RBAC, this will work well with the Non-Discretionary Access Control
model, which will be detailed in the next paragraph. RBAC is defined as setting permissions or grantin
access to a grop of people with the same !ob roles or responsibilities . "ith many different locations
along with many different sers it is important to identify the different sers and different workstation
within this network. #$ery effort shold be dedicated towards pre$enting ser to access information th
shold not ha$e access to. Non-Discretionary Access Control is defined as controls that are monitored b
a secrity administrator.
"hile RBAC identifies those with permissions, it is a secrity administrator that shold frther identi
the le$el of access to each Role that is created. %he secrity administrator shold also designate certain
sers or workstations access to the information a$ailable within the network.
Rle Base Access Control can also be linked to the first two model. &RBAC and Non-Discretionary', an
is similar to RBAC. Rle Based Access Control is a set of rles to determine which sers ha$e access to.
Access control policy. An access control policy shold be established, docmented and periodically
!28' ntro to nformation &ecurity *age 2 of 4 5ee 3( Unit 3&teve !odd
-
5/21/2018 NT2580 Week 3, Assignment 3-1(2) (1)
3/4
Davonte Brown6-32-14Unit 3 assignment
re$iewed, based on bsiness needs and external re(irements. Access control policy and associated
controls cold take accont of)
*ecrity isses for particlar data systems and information processing facilities, gi$en bsiness nee
anticipated threats and $lnerabilities+
*ecrity isses for particlar types of data, gi$en bsiness needs, anticipated threats and
$lnerabilities. ere are some good examples of control accesses
Rele$ant legislati$e, reglatory and certificatory re(irements+
Rele$ant contractal obligations or ser$ice le$el agreements+
ther organiational policies for information access, se and disclosre+ and
Consistency among sch policies across systems and networks.
Access control policy content / Access control policies generally shold inclde)
Clearly stated rles and rights based on ser profiles+
Consistent management of access rights across a distribted0networked en$ironment+
An appropriate mix of administrati$e, technical and physical access controls+
Administrati$e segregation of access control roles -- e.g., access re(est, access athoriation, acces
administration+
Re(irements for formal athoriation of access re(ests &1pro$isioning1'+ and
!28' ntro to nformation &ecurity *age 3 of 4 5ee 3( Unit 3&teve !odd
-
5/21/2018 NT2580 Week 3, Assignment 3-1(2) (1)
4/4
Davonte Brown6-32-14Unit 3 assignment
Re(irements for athoriation and timely remo$al of access rights &1de-pro$isioning1'. 2 wold s
the $ery best data protection for my data 2 wold se the best of the best like a good $irs protectio
like malware. %hat was my essay hope yo learned a lot.
http)00www.stdymode.com0essays03nit-4-Assignment-5-Remote-Access-467489::.html
http://it.med.miami.edu/x2232.xml
!28' ntro to nformation &ecurity *age 4 of 4 5ee 3( Unit 3&teve !odd
http://www.studymode.com/essays/Unit-3-Assignment-1-Remote-Access-39634255.htmlhttp://www.studymode.com/essays/Unit-3-Assignment-1-Remote-Access-39634255.html