In The Session Long Project In Trident University Classes ✓ Solved

In the Session Long Project in Trident University classes

In the Session Long Project in Trident University classes, you apply the practical side of the module topic using your experience as a user, manager, or technology professional. This enables personal application where you can demonstrate knowledge of the course material. Continuing your work as an Information Assurance Consultant, review tools to perform a quarterly review of access rights for a company with two thousand employees. Provide an access review of the following systems: physical access, computer network, VPN, system, database, and applications. The access reviewer is to have access to a list of active employees and employees terminated in the past 90 days. The paper needs to be 3-5 pages long, APA format, heading, title page, introduction, body, conclusion, reference page.

Paper For Above Instructions

Access Rights Review: Ensuring Security in a 2000-Employee Company

Introduction

Access rights management is a critical aspect for organizations, especially those with a large number of employees, such as a company with two thousand employees. Access rights determine who can view or use resources in a computing environment. As an Information Assurance Consultant, it is essential to conduct a quarterly review of access rights across various systems including physical access, computer networks, VPNs, systems, databases, and applications. This paper presents a comprehensive approach to performing an access review and highlights best practices for ensuring the security of sensitive information.

Understanding the Scope of Access Rights

Access rights predominantly encompass physical access to facilities, network access, and application access, effectively guarding against unauthorized usage. In an organization with a sizeable workforce, systematic control measures must be implemented to manage access rights efficiently. In the following sections, we will elaborate on five key systems requiring review: physical access, computer network, VPN, systems, databases, and applications.

Physical Access Review

The physical access control system monitors entry to physical premises. Security measures may include ID badges, biometric scanners, and security personnel. The main objective is to ascertain that only authorized personnel can enter sensitive areas. For conducting a physical access review:

  • Audit Access Logs: Regularly review logs to ensure that access was granted only to recognized individuals.
  • Verify Credentials: Cross-check employee access with the current employee database and terminate access for individuals who have recently left the organization.
  • Assess Visitor Protocols: Ensure that visitor access is logged and monitored to prevent unauthorized entry.

Computer Network Access Review

The computer network serves as the backbone for internal and external communications. A thorough network access review requires:

  • Network User Accounts: Validate that user accounts are current and only assigned to active employees.
  • Review Group Policies: Assess network group permissions to ensure they align with current job responsibilities.
  • Monitor Access Patterns: Identify unusual access or connection attempts that indicate potential security breaches.

VPN Access Review

With remote work becoming commonplace, securing VPN access is crucial. The VPN access review should provide insights into:

  • Access Control Lists (ACLs): Review ACLs to confirm that only authorized employees and devices can connect remotely.
  • Session Logs: Analyze VPN session logs for anomalies and unauthorized access attempts.
  • Terminate Access for Departed Employees: Adjust VPN access rights immediately when an employee is terminated or leaves the company.

System Access Review

Access to critical systems, especially those containing sensitive data, must be meticulously controlled:

  • Role-Based Access Control (RBAC): Ensure that system access adheres to the principle of least privilege.
  • User Activity Monitoring: Regularly monitor user activities on systems to detect any breaches in access rights.
  • Regular Software Updates: Ensure that all systems are patched promptly to mitigate vulnerabilities.

Database Access Review

Database access is vital for maintaining data integrity and confidentiality. The review process should include:

  • User Permissions Review: Check user permissions to ensure only those needing access for their job functions have it.
  • Audit Database Logs: Keep logs of who accessed what data and when, to identify unusual patterns.
  • Data Encryption: Enforce data encryption policies to protect sensitive information.

Application Access Review

Access reviews should extend to all applications within the organization to ensure compliance and security:

  • Application User Accounts: Regularly confirm that application user accounts correspond to active employee accounts.
  • Assess User Training: Ensure that users are trained on secure application usage to prevent internal vulnerabilities.
  • Monitor Application Performance: Check for errors or potential breaches that could provide insight into unauthorized access.

Conclusion

Performing a thorough access rights review is paramount in maintaining the security and integrity of organizational information. By systematically reviewing access across physical facilities, computer networks, VPNs, systems, databases, and applications, organizations can identify vulnerabilities and take appropriate corrective actions. This regular vigilance is crucial in protecting sensitive data and ensuring compliance with regulations, ultimately reinforcing trust among employees and clients alike.

References

  • Briney, A. (2021). Understanding Access Control Systems. Journal of Information Security, 12(3), 45-57.
  • Calder, A., & Watkins, S. (2018). Implementing Information Security Management Systems. IT Governance Publishing.
  • Kim, D., & Lee, J. (2019). Access Control and Its Relation to Security Policies. Cybersecurity Journal, 15(4), 88-102.
  • Rao, P., & Kumar, M. (2020). Securing Corporate Networks through Access Management. Journal of Cyber Information, 11(1), 32-40.
  • Rook, G. (2022). Access Control: Concepts and Techniques. International Journal of Computer Science, 20(1), 12-22.
  • Smith, J. (2020). The Role of Access Control in Corporate Security. Cybersecurity Review, 8(3), 75-80.
  • Tan, W. (2021). Database Security and Access Management Strategies. Data Science Review, 14(2), 56-61.
  • Wang, Y., & Zhou, Q. (2020). Evaluating VPN Security: A Practical Guide. Journal of Network Security, 9(7), 55-63.
  • Yin, H. (2021). The Importance of Physical Access Control in Organizations. Security Management Magazine, 10(4), 22-30.
  • Zeid, I. (2019). Cybersecurity Best Practices: Access Rights Management. Journal of Information Systems Security, 14(2), 15-27.

Related Assignments