In your own words, answer this unit’s discussion questions in a main post
Assignment Details
In your own words, answer this unit’s discussion questions in a main post (recommended minimum 300 words), and respond to at least 2 peers’ postings (recommended minimum 75 words).
As you begin to perform the information systems audit for LSS, assume the identity of a different person in the scenario. For this Discussion Board, you are now the network systems manager for LSS.
Create 3 controls (or policies) used by LSS:
One user account control
One access control (Discuss Mandatory and Role-Based Access Controls)
One database access control (Discuss security, integrity, and system availability)
Each control should focus on a specific topic and only focus on the policy portion of a formal policy (that is, state the expected responsibility of employees).
Response Needed:
According to Smith (2018), making sure individuals are following password requirements is important. In our company, employees must use an 8-10 password length. There must be at least one number and one special character. This will ensure our employees' passwords are harder to guess or hack.
According to Rouse (n.d.), only system administrators should be able to change access controls for users. What this means is the system administrators should be the only ones to allow or deny access controls to things on the computer system. What this means for employees is that they will not have access to deny or allow controls. This is important so users cannot block each other and cannot see documents they are not supposed to have access to.
Role-based access control means employees only have access to the information they need to do their jobs. For example, a janitor at a hospital would not need access to a computer with patient information. What this means for employees is they will have the information to do their job, but they will not receive any additional information.
Database access control in relation to security means individuals should not have access to the database who do not need the access. This is important because the database can be compromised if an unauthorized user has access to the database. What this means is employees who do not need access to the database will not be allowed to access the database. Employees who are allowed to access the database must act with integrity. What this means is no information should be taken and used for ill purposes. The system will only be available for the individuals who need to use the system; all other individuals should not have access to the system.
References:
Rouse. (n.d.). Retrieved from https://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC on April 23, 2020.
Smith. (2018). Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-16-account-monitoring/ on April 23, 2020.
Response needed:
ITAS365 – Unit 4 DB
Jeremiah Lupton
American InterContinental University
For this week’s DB we are required to create three controls or policies that are to be utilized by LSS. As one may imagine, this is a critical component when dealing with the security of network systems. Controls and policies are important as they are the set of rules implemented to ensure the safe navigation and distribution of data. They are created to ensure that no end-user gains more or less access than required to successfully carry out their jobs.
User Account Control is a security mechanism that utilizes Mandatory Access Controls on Windows OS to prevent unauthorized changes to it. How this works is that you can add permissions to enable a feature that will prevent any end-user other than the administrator from carrying out certain tasks (Rusen, 2017). These modifications may be commenced by applications, end-users, viruses or malware. However, if the modifications aren’t approved by the administrator, they will not be implemented.
Access Control is an important security technique that allows for the regulation of whom and what may be accessed within a virtual environment. Role-based Access Controls limit who has access to what data, and what areas of not only the virtual environment but physical areas as well. In order to add RBAC, role definitions, assignments, and scope must be created (Azure, 2020). I would utilize this method in addition to mandatory access controls as this will allow for a more strict and secure method by allowing only the administration to create, modify, and/or delete policies and controls.
Database Access Control consists of a process that allows access to confidential information only upon the event that they were granted access. If they are not an authorized end-user, access to the company’s database will be restricted (Data Sunrise, 2020). This goes hand in hand with RBAC and MAC as mentioned above, as to carry out securing the database two main things must be present: authentication and authorization.
References
Azure. (2020, April 17). What is role-based access control (RBAC) for Azure Resources. Retrieved from Microsoft Azure: https://docs.microsoft.com/en-us/azure/role-based-…
Data Sunrise. (2020, March 31). What is Access Control in Database Security. Retrieved from Data Sunrise: https://www.datasunrise.com/blog/professional-info…
Rusen, C. A. (2017, July 11). What is UAC and why you should never turn it off. Retrieved from Digital Citizen: https://www.digitalcitizen.life/uac-why-you-should…