|
|
|
View Full Essay |
|---|
Associate Level Material
Appendix F
Access Control Policy
Student Name: Latosha Young
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Nadean Aragon
Date: January 16, 2012
Access Control Policy
Authentication
Every worker working for the corporation will not be able to enter the building without proper identification. Therefore we will implement photo badges that will serve as detection as to who is in the building, what they are doing, and where they are. Badges will only allow certain employees with limited access to different areas and levels.
As for employees with access to the systems each user will have their own unique username and password which cannot be shared with no other employee or individual. This way we will be able to monitor who is working on what, times, and what has been done to our clients accounts.
Access control strategy
Discretionary access control
The method is to only permit the right to use to users who have correct authorization. Principle of least privilege will be what we will go by. Using least privilege will help make certain information is kept confidential and safe. Least privilege will allow the user to access only the information that they need to do their job. The information owner will be the director of IT for the company. He or she will have the decision power to decide who had access to the information.
Mandatory access control
Mandatory Access Control (MAC) decides which users can achieve access to information based on objects and labels. Mandatory access control will not be used in Sunica Music and Movies. Seeing as MAC is mainly used in government systems this particular level of access control is not needed.
Role-based access control
Role-based access control can create groups of users that need access to the same information to get their job done. Employees will be grouped based on their role in the company and what information they need access to. Role-based access makes...