IS3230 Unit 4 Assignment 1
Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: David Marquez
14 April, 2014

Access Control Plan
INTRODUCTION
This Dragon Net Solutions (DNS) Access Control and Account Management Plan details the access control and account management activities for Dragon Net Solutions. It facilitates compliance with the National Institute of Standards and Technology’s (NIST) Recommended Security Controls for Federal Information Systems (NIST 800-53) and the NIST Guide for Assessing the Security Controls in Federal Information Systems (NIST 800-53A). Specifically, the following NIST Access Controls (AC) are addressed:
AC-1 Access Control Policy and Procedures
AC-2 Account Management
AC-3 Access Enforcement
AC-5 Separation of Duties
AC-6 Least Privilege
This Plan also relates to three
Dragon Net Solutions (DNS)
Date: April 14, 2014
SECURITY IMPLEMENTATION
Security implementation responsibilities focus on implementing the access controls and account management processes outlined in this Plan. The following positions are responsible for security implementation:
CTSP/SA
Privileged User
Basic User
ACCESS CONTROL REQUIREMENTS
All access control requirements are commensurate with the user’s duties at a particular incident. For DNS, access control is implemented in accordance with the following principles:
Access Enforcement
Least Privilege
Separation of Duties
ACCESS ENFORCEMENT
Automated Rules of Behavior (ROB) are implemented. There are three different ROBs:
1. Privileged: Users with DB Admin role
2. DNS: Users without DB Admin role who are DNS employees
3. Non-DNS: Users without DB Admin role who are not DNS employees. This includes MAD employees.
Privileged Users will be presented the ROB for Users with Privileged Access to Information Systems. Non-Privileged Users are required to select the appropriate ROB at first login per database prior to receiving access to the application. If a user elects to decline the ROB, access to
