Unit 2 Assignment 2

Topics: Access control, Authorization, Computer security Pages: 8 (1463 words) Published: December 29, 2014
An access control policy should be established, documented and periodically reviewed, based on business needs and external requirements. Access control policy and associated controls should take account of:
- Security issues for particular data systems and information processing facilities, given business needs, anticipated threats and vulnerabilities;
- Security issues for particular types of data, given business needs, anticipated threats and vulnerabilities;
- Relevant legislative, regulatory and certificatory requirements;
- Relevant contractual obligations or service level agreements;
- Other organizational policies for information access, use and disclosure; and
- Consistency among such policies across systems and networks.

Access control policies generally should include:
- Clearly stated rules and rights based on user profiles;
- Consistent management of access rights across a distributed/networked environment;
- An appropriate mix of administrative, technical and physical access controls;
- Administrative segregation of access control roles -- e.g., access request, access authorization, access administration;
- Requirements for formal authorization of access requests; and
- Requirements for authorization and timely removal of access rights ("de-provisioning").

The following procedure guide would allow the Ken 7 Windows Limited IT department to easily manage its access control changes:

Policy
Ken 7 Windows Limited has chosen to adopt the Access Control principles established in the NIST SP 800-53 "Access Control" control family guidelines as the official policy for this domain. The following subsections outline the Access Control standards that constitute Ken 7 Windows Limited policy. Each Ken 7 Windows Limited Business System is then bound to this policy, and must develop or adhere to a program plan which demonstrates compliance with the policy related to the standards documented.

Access Control Procedures: All Ken 7 Windows Limited Business Systems must develop, adopt or adhere to a formal, documented access control procedure that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Account Management: All Ken 7 Windows Limited Business Systems must:
- Identify account types (i.e., individual, group, system, application, guest/anonymous, and temporary).
- Establish conditions for group membership.
- Identify authorized users of the information asset and specify access privileges.
- Require appropriate approvals for requests to establish accounts.
- Establish, activate, modify, disable, and remove accounts.
- Specifically authorize and monitor the use of guest/anonymous and temporary accounts.
- Notify account managers when temporary accounts are no longer required and when information asset users are terminated, transferred, or information asset usage or need-to-know/need-to-share changes.
- Deactivate temporary accounts that are no longer required and accounts of terminated or transferred users.
- Grant access to the system based on (1) valid access authorization, (2) intended system usage, and (3) other attributes as required by the organization or associated missions/business functions.
- Review accounts on a periodic basis or at least annually.

Access Enforcement: All Ken 7 Windows Limited Business Systems must enforce approved authorizations for logical access to the system in accordance with applicable policy.

Information Flow Enforcement: All Ken 7 Windows Limited Business Systems must enforce approved authorizations for controlling the flow of information within the system and between interconnected systems in accordance with applicable policy.

Separation of Duties: All Ken 7 Windows Limited Business Systems must:
- Separate duties of individuals as necessary, to prevent malevolent activity without collusion.
- Document separation of duties.
- Implement separation of duties...