Scribd
Upload
914 views

NT2580 Week 3, Assignment 3-1

The document outlines an assignment to design a remote access control policy for Richman Investments, an investment firm with offices across North America and plans to expand globally. The policy must include appropriate access controls for systems, applications, and data. The student proposes using Role Based Access Control (RBAC) to define user roles and responsibilities across locations. A security administrator would further define access levels for each role and designate system/data access. Non-Discretionary Access Controls would be used to monitor access. The access control policy should establish, document, and regularly review access rules based on business needs. It should include administrative, technical, and physical controls to consistently manage access rights across the network. Formal authorization of

Uploaded by

MahlikBrown
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
914 views

NT2580 Week 3, Assignment 3-1

The document outlines an assignment to design a remote access control policy for Richman Investments, an investment firm with offices across North America and plans to expand globally. The policy must include appropriate access controls for systems, applications, and data. The student proposes using Role Based Access Control (RBAC) to define user roles and responsibilities across locations. A security administrator would further define access levels for each role and designate system/data access. Non-Discretionary Access Controls would be used to monitor access. The access control policy should establish, document, and regularly review access rules based on business needs. It should include administrative, technical, and physical controls to consistently manage access rights across the network. Formal authorization of

Uploaded by

MahlikBrown
Copyright
© © All Rights Reserved
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 4

Davonte Brown

6-32-14
Unit 3 assignment
ITT Technical Institute
3825 West Cheyenne Avenue, Suite 600
North Las Veas, Neva!a 8"032
NT2580 Intro!uction to In#or$ation Security
Wee% 3, &nit 3 ' A((ro(riate Access Controls #or Syste$s, A((lications an! )ata Access
Assignment
Unit 3 Assignment 1: Remote Access Control Policy Definition
Learnin *+,ectives an! *utco$es
You will learn how to design a remote access control policy definition for an ! infrastructure"
Assin$ent -e.uire$ents
#ichman nvestments is an investment and consulting firm" !he company wants to e$pand its %usiness operations %oth in
the U"&" and in foreign countries" t intends to eventually have 1'(''' employees in 2' countries"
!he #ichman corporate head)uarters is located in *hoeni$( +ri,ona" -urrently( there are eight %ranch offices in.
+tlanta( /eorgia
-hicago( llinois
-incinnati( 0hio
Denver( -olorado
1os +ngeles( -alifornia
2ontreal( -anada
3ew Yor4 -ity( 3ew Yor4
5ashington( D"-"
!he 3orth +merican offices have a total of 6(''' employees who use des4tops( mo%ile computers( and wireless devices"
!he *hoeni$ office has an nternet connection to all remote offices %ecause redundancy is e$tremely important to the
company" !here are several sensitive applications that all offices use" !he management from each office share application
information that is hosted at the corporate office"
Design a remote access control policy for #ichman using the appropriate access controls for systems( applications( and
data access" nclude the design and 7ustification for using the selected access controls for systems( applications( and data
access"

3!268' ntro to nformation &ecurity *age 1 of 4 5ee4 3( Unit 3
&teve !odd
Davonte Brown
6-32-14
Unit 3 assignment
-e.uire! -esources
3one
Su+$ission -e.uire$ents
9ormat. 2icrosoft 5ord
9ont. !imes 3ew #oman( &i,e 12( Dou%le-&pace
-itation &tyle. +*+ 6 v2
1ength. 1:2 pages
Due By. 11.6; *2 11 0cto%er 2'13
Sel#/Assess$ent Chec%list
have correctly designed a remote access control policy for the given scenario"
have correctly selected appropriate access controls for systems( applications( and data access"
have included my 7ustification for using the selected access controls for systems( applications( and data access"
Role Base access Control or RBAC, this will work well with the Non-Discretionary Access Control
model, which will be detailed in the next paragraph. RBAC is defined as setting permissions or granting
access to a grop of people with the same !ob roles or responsibilities . "ith many different locations
along with many different sers it is important to identify the different sers and different workstations
within this network. #$ery effort shold be dedicated towards pre$enting ser to access information they
shold not ha$e access to. Non-Discretionary Access Control is defined as controls that are monitored by
a secrity administrator.
"hile RBAC identifies those with permissions, it is a secrity administrator that shold frther identify
the le$el of access to each Role that is created. %he secrity administrator shold also designate certain
sers or workstations access to the information a$ailable within the network.
Rle Base Access Control can also be linked to the first two model. &RBAC and Non-Discretionary', and
is similar to RBAC. Rle Based Access Control is a set of rles to determine which sers ha$e access to.
Access control policy. An access control policy shold be established, docmented and periodically
3!268' ntro to nformation &ecurity *age 2 of 4 5ee4 3( Unit 3
&teve !odd
Davonte Brown
6-32-14
Unit 3 assignment
re$iewed, based on bsiness needs and external re(irements. Access control policy and associated
controls cold take accont of)
*ecrity isses for particlar data systems and information processing facilities, gi$en bsiness needs,
anticipated threats and $lnerabilities+
*ecrity isses for particlar types of data, gi$en bsiness needs, anticipated threats and
$lnerabilities. ,ere are some good examples of control accesses
Rele$ant legislati$e, reglatory and certificatory re(irements+
Rele$ant contractal obligations or ser$ice le$el agreements+
-ther organi.ational policies for information access, se and disclosre+ and
Consistency among sch policies across systems and networks.
Access control policy content / Access control policies generally shold inclde)
Clearly stated rles and rights based on ser profiles+
Consistent management of access rights across a distribted0networked en$ironment+
An appropriate mix of administrati$e, technical and physical access controls+
Administrati$e segregation of access control roles -- e.g., access re(est, access athori.ation, access
administration+
Re(irements for formal athori.ation of access re(ests &1pro$isioning1'+ and
3!268' ntro to nformation &ecurity *age 3 of 4 5ee4 3( Unit 3
&teve !odd
Davonte Brown
6-32-14
Unit 3 assignment
Re(irements for athori.ation and timely remo$al of access rights &1de-pro$isioning1'. 2 wold se
the $ery best data protection for my data 2 wold se the best of the best like a good $irs protection
like malware. %hat was my essay hope yo learned a lot.
http)00www.stdymode.com0essays03nit-4-Assignment-5-Remote-Access-467489::.html
http://it.med.miami.edu/x2232.xml
3!268' ntro to nformation &ecurity *age 4 of 4 5ee4 3( Unit 3
&teve !odd

You might also like