ISM 650 Final Project: Access Control And Identity Managemen

Posted on December 27, 2025

Ism 650 Final Project Access Control And Identity Management Planpa

This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, access controls, and identity management. You will develop comprehensive plans addressing infrastructure assessment, risk assessment, access control systems (including RBAC and SSO), remote and physical security, as well as testing and monitoring of access controls for a hypothetical company's scenario. Your deliverables will include detailed, professional reports for each part, integrating research and best practices, supported by credible references, following APA formatting guidelines.

Paper For Above instruction

Introduction

In an increasingly digital world, organizations like Big Tire Transport must prioritize robust access control and identity management to safeguard their assets, ensure operational continuity, and maintain compliance with regulatory standards. This paper presents a comprehensive approach to designing an integrated security infrastructure for Big Tire, emphasizing infrastructure and risk assessments, access control mechanisms such as RBAC and SSO, remote and physical security measures, and ongoing testing and monitoring procedures. Each section contributes to creating a resilient security framework aligned with organizational needs and technological capabilities.

Part 1: Infrastructure Assessment and Risk Assessment

The foundation of an effective security strategy relies on detailed understanding and assessment of existing infrastructure and associated risks. A high-level plan for infrastructure assessment involves inventorying all hardware components, including servers, workstations, networking devices, and storage systems across all locations. This process should prioritize identifying outdated hardware, unsupported software, and vulnerabilities that could be exploited by malicious actors. The assessment scope covers physical assets, network configurations, software versions, and existing security controls, with boundaries set to each physical site and the data center.

Complementing this, the risk assessment plan involves analyzing potential threats such as cyberattacks, insider threats, hardware failures, and natural disasters, along with vulnerabilities inherent in the current infrastructure. For example, outdated hardware and unsupported software increase susceptibility to exploits. The risk assessment will focus on five core issues: exposure of sensitive data, system availability, compliance gaps, potential for insider threats, and hardware or software failures. Typical threats and vulnerabilities include malware infections, phishing attacks, authorized access abuses, unauthenticated remote access, and physical security lapses.

The process involves conducting a step-by-step evaluation: asset valuation, threat identification, vulnerability analysis, control effectiveness review, and risk prioritization. Major steps include stakeholder interviews, site inspections, vulnerability scanning, and documenting existing security controls. The schedule should span approximately three months, with periodic reviews, to ensure comprehensive coverage across all locations and thorough documentation.

Part 2: Role-Based Access Control (RBAC) and Single Sign-On (SSO)

Transitioning from ACLs to RBAC offers significant advantages, including simplified management, reduced errors, and enhanced security. A high-level plan for implementing RBAC involves defining organizational roles—such as Admin, Accounting, HR, Manager, and Technical—and mapping permissions accordingly. The purpose of RBAC is to streamline user access management by assigning privileges to roles rather than individual accounts, thus minimizing administrative overhead and potential errors. The technology underpinning RBAC relies on integrating role definitions within the identity management system, such as Active Directory or other LDAP-compliant directories.

Benefits of RBAC over ACLs include improved scalability, easier compliance auditing, and consistent enforcement of access policies. It mitigates risks by ensuring users have the minimum necessary permissions aligned with their roles, reducing the likelihood of privilege escalation or accidental disclosures. The implementation steps include role definition, permissions assignment, user role mapping, testing in a controlled environment, and phased deployment across all locations. An example role scheme might involve roles such as Administrative (full access), Accounting (financial systems access), HR (employee data access), and Drivers (limited operational access).

Regarding Single Sign-On, this technology allows users to authenticate once and gain access to multiple systems seamlessly. Its importance lies in improving user experience, reducing password fatigue, and bolstering security through centralized authentication. SSO is feasible if the systems support federated identity protocols like SAML or OAuth. A recommendation would be to implement SSO using an identity provider (IdP) such as Microsoft Azure AD or Okta, which can integrate with existing directories and applications, provided compatibility and integration efforts are feasible within the organization’s budget and infrastructure.

Part 3: Remote Access and Physical Security

Secure remote access is critical for maintaining productivity, especially in a geographically dispersed organization like Big Tire. Given prior issues with VPN speed, alternative solutions such as Virtual Desktop Infrastructure (VDI) or cloud-based secure access solutions should be considered. These options can provide optimized remote connectivity, supporting operational needs without compromising security. The plan involves deploying a secure, scalable remote access solution with encrypting tunnels, multi-factor authentication, and user access controls aligned with RBAC policies.

Physical security enhancements include installing smart card or biometric access controls at all locations. These measures ensure only authorized personnel can access sensitive areas like server rooms or administrative offices. Implementation involves upgrading door locks with programmable access controls, integrating biometric authentication such as fingerprint or facial recognition, and establishing procedures for credential management. For mobile employees and drivers, multifactor authentication—combining biometrics, tokens, fobs, or authenticator apps—will provide a secure, user-friendly method for verifying identities during website or application login procedures. Cost-effective approaches should balance security with ease of use and installation costs.

Part 4: Testing and Monitoring

Regular testing of RBAC and physical security controls is critical to identify vulnerabilities before they can be exploited. Suggested testing includes penetration testing, access reviews, and physical security audits, scheduled quarterly or biannually. This process verifies that access policies are properly enforced and adjusting for any deficiencies. For network monitoring, continuous surveillance using intrusion detection systems (IDS), security information and event management (SIEM), and automated alerts is essential to detect anomalies, unauthorized access attempts, or unusual behavior. Monitoring at each Big Tire location involves deploying localized sensors and centralized logging facilities, ensuring real-time detection capabilities and swift incident response.

Conclusion

Implementing a layered security approach that includes comprehensive infrastructure assessment, strategic risk management, advanced access controls, secure remote and physical security, and ongoing testing and monitoring is vital for Big Tire’s operational resilience. This multidimensional strategy ensures confidentiality, integrity, and availability of critical systems and data, aligning with organizational goals and industry best practices.

References

Andress, J., & Winterfeld, S. (2013). Cybersecurity: Risk Management Framework & Strategies. CRC Press.
Cappelli, D. M., Moore, A. P., & Trzeciak, R. F. (2012). Lost and Found: Incident Response and Data Recovery. Addison-Wesley.
Chen, L., & Fernandez, E. (2018). Identity and Access Management: Technical and Organizational Aspects. Springer.
Chapple, M., & Seidl, D. (2017). Identity Management: A Primer. ISACA.
Grimes, R. A. (2020). Cybersecurity Ops: Building and Managing a Security Operations Center. Syngress.
Kim, D., & Solomon, M. G. (2016). Fundamentals of Information Systems Security. Jones & Bartlett Learning.
Pfleeger, C. P., & Pfleeger, S. L. (2015). Analyzing Computer Security. Pearson.
Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication.
Stallings, W. (2018). Computer Security: Principles and Practice. Pearson.
Oates, B., & Bradley, S. (2021). Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance. CRC Press.

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.