During your first week as an Information Systems Security director, you met with the Chief Information Officer (CIO). During the meeting, he revealed to you his deep concerns regarding the security features that control how users and systems communicate and interact with other systems and resources.
The CIO asked you to develop access control as a well-organised and appropriately documented program. The program and measures that your company’s senior managers will implement must be properly designed and put into policy.
One common approach to designing access control is to use categories of access controls to effectively document and communicate policy to the user community. These controls can logically prevent users from violating policy.
They can also determine when violations have occurred and take action when violations take place. Finally, these controls can dictate how the organisation will return to normal conditions after violations take place.
However, another way to classify and categorise access controls is by their method of implementation. Within any access control category, the controls can be implemented in one of three ways: Administrative, Logical, or Physical. Explain each access control type and provide implementation recommendations for managers.
While there is not a specific page requirement for this assignment, students are required to fully develop ideas and answer questions to the point that no further questions are left in the mind of the reader.
If the instructor can clearly find the answers to their questions, the ideas within the report are fully developed. If there are unanswered or under-answered questions, further development of the report is required.
Keep the following in mind: