SLP 1-ITM537 In-Session Long Project In Trident University
In the Session Long Project in Trident University classes, you apply the practical side of the module topic using your experience as a user, manager, or technology professional. This enables personal application where you can demonstrate knowledge of the course material. Continuing your work as an Information Assurance Consultant, review tools to perform a quarterly review of access rights for a company with two thousand employees. Provide an access review of the following systems: physical access, computer network, VPN, system, database, and applications. The access reviewer is to have access to a list of active employees and employees terminated in the past 90 days.
You have read about access tools in your readings. Use these sites to help you describe the type of tools you would recommend as an Information Assurance Consultant.
Paper For Above Instructions
The management of access rights in an organization is a crucial aspect of information security and governance. For a company with 2,000 employees, implementing a consistent quarterly review of access rights is essential to ensure that unauthorized access is prevented and that compliance with regulatory requirements is maintained. This paper will outline a review strategy for access rights across several systems, including physical access, computer networks, VPNs, systems, databases, and applications. Additionally, we will examine various tools recommended for effectively conducting these reviews.
Understanding Access Rights Management
Access rights management refers to the policies and practices that govern how individuals can access and use information systems within an organization. An effective access control mechanism must ensure that only authorized personnel can access sensitive information and resources, fostering security and compliance (O'Neill, 2019). The need for periodic reviews arises from the dynamic nature of employment, with both active employees and those terminated within the last 90 days being considered in our review process.
Physical Access Control Review
For physical access control, it is essential to monitor entry points to sensitive areas such as data centers and server rooms. Security cameras and access control systems (e.g., key card systems) can help track who enters and exits these areas. A recommended tool for managing physical access rights is the Pelco VideoXpert, which offers robust monitoring and alert capabilities (Moeller, 2013).
Computer Network Access Review
On the computer network front, assessing user accounts, permissions, and network segmentation is critical. Tools such as SolarWinds Network Performance Monitor can help monitor access to and performance of network resources. The tool provides detailed reports and raises alerts when unauthorized access attempts are detected (Acronis Cyber Summit, 2019).
VPN Access Review
As remote work continues to rise, it is vital to review how employees access the company network via VPN. VPN access should be limited to authorized users with specific roles. Tools like Cisco AnyConnect offer robust logging features that can assist in auditing and reviewing VPN connections (IT Governance Institute, 2019).
System Access Review
When reviewing system access rights, it is important to maintain a list of user permissions across all systems. Implementing a centralized access management solution such as Okta can streamline the process of user authentication and rights assignment. This enables regular audits and helps identify any discrepancies in active employee access (Moeller, 2013).
Database Access Review
Database access reviews must ensure that only authorized personnel can access sensitive data. Database auditing tools such as IBM Guardium or SQL Server Audit can help track user activity in databases, helping identify who accessed what information and when (IT Governance Institute, 2019).
Application Access Review
Application access should align with user roles and responsibilities, ensuring that users have the minimum access necessary to perform their jobs. Tools like Microsoft Azure Active Directory can streamline application management by allowing IT administrators to define roles and access levels visually (O'Neill, 2019).
Implementing a Quarterly Access Review Process
The quarterly review process should involve multiple steps, including compiling data from each access control system, comparing current access rights against the list of active and terminated employees, and identifying any inconsistencies. Appropriate tools will aid in automating much of this process and producing easy-to-read reports.
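The comparison step described above can be sketched as follows. This is an added example, not part of the original paper or of any tool it names; the employee IDs, account names, export layout, and review date are constructed assumptions standing in for real HR and system exports.

```python
from datetime import date

REVIEW_DATE = date(2024, 4, 1)  # constructed review date

# Constructed HR data: employee id -> termination date (None = active).
# Per the assignment, it holds active staff plus those terminated in the past 90 days.
HR_ROSTER = {
    "E1001": None,
    "E1002": None,
    "E1003": date(2024, 3, 10),
    "E1004": date(2024, 1, 15),
}

# Constructed exports, one per reviewed system: account -> owning employee id.
ACCESS_EXPORTS = {
    "physical":    {"badge-0001": "E1001", "badge-0003": "E1003"},
    "network":     {"alice": "E1001", "bob": "E1002"},
    "vpn":         {"alice": "E1001", "dave": "E1004"},
    "system":      {"alice": "E1001", "svc-backup": None},
    "database":    {"bob": "E1002", "carol": "E1003"},
    "application": {"alice": "E1001", "erin": "E1999"},
}

def review_access(roster, exports, review_date=REVIEW_DATE):
    """Return (system, account, employee_id, finding, days_since_termination)."""
    findings = []
    for system, accounts in sorted(exports.items()):
        for account, emp_id in sorted(accounts.items()):
            if emp_id is None:
                # No named owner: cannot be tied to any employee record.
                findings.append((system, account, None, "UNOWNED", None))
            elif emp_id not in roster:
                # Neither active nor on the 90-day list: the owner left
                # earlier, or the account-to-employee mapping is wrong.
                findings.append((system, account, emp_id, "NOT_IN_HR_DATA", None))
            elif roster[emp_id] is not None:
                # Access survived termination; record for how many days.
                days = (review_date - roster[emp_id]).days
                findings.append((system, account, emp_id, "TERMINATED", days))
    return findings

if __name__ == "__main__":
    for row in review_access(HR_ROSTER, ACCESS_EXPORTS):
        print(row)
```

Accounts flagged `NOT_IN_HR_DATA` or `UNOWNED` need manual follow-up, since the 90-day termination list alone cannot explain them.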
First, a team should be established to oversee the access review process, consisting of IT staff and representatives from HR to ensure that terminated employees' access is promptly revoked (Moeller, 2013). Each quarter, the team should conduct a comprehensive review using the appropriate tools mentioned earlier, customizing reports for different systems as needed.
Training sessions should also be conducted regularly to update staff on the importance of access rights management and on how to use the tools effectively. Engaging users and making them aware of security protocols will help foster a culture of security within the organization.
Conclusion
In conclusion, a structured approach to quarterly access rights reviews is integral to maintaining security and compliance in organizations with significant workforce sizes, such as those with 2,000 employees. By applying proper tools and implementing efficient processes, the risks associated with unauthorized access can be significantly mitigated. As information assurance consultants, our focus should remain on ensuring that the principles of least privilege and accountability are adhered to across all access points.
References
- Acronis Cyber Summit. (2019). Keynote Eric O’Neill.
- IT Governance Institute. (2019). COBIT 2019 use cases: Tailoring governance of your enterprise IT.
- Moeller, R. R. (2013). Executive’s guide to IT governance: Improving system processes with service management, COBIT and ITIL. John Wiley & Sons.
- O'Neill, E. (2019). Importance of access control in information security. Journal of Information Security.
- SolarWinds. (2021). Network Performance Monitor. SolarWinds.
- Cisco. (2020). AnyConnect Secure Mobility Client.
- IBM. (2019). Guardium: Data Security and Protection.
- Microsoft. (2020). Azure Active Directory Documentation.
- National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity.
- ISACA. (2020). COBIT 2019 Framework: Introduction and Methodology.