As you begin to perform the information systems audit for LSS, assume the identity of a different person in the scenario. For this Discussion Board, you are now the network systems manager for LSS.
Create 3 controls (or policies) used by LSS:
One user account control
One access control (Discuss Mandatory and Role-Based Access Controls)
One database access control (Discuss security, integrity, and system availability)
Each control should focus on a specific topic and only focus on the policy portion of a formal policy (that is, state the expected responsibility of employees).
According to Smith 2018, making sure individuals are following password requirements is important. In our company, employees must use an 8-10 password length. There must be at least one number and one special character. This will ensure our employees passwords are harder to guess or hack.
According to Rouse n.d., only system administrators should be able to change access controls for users. What this means is the system administrators should be the only ones to allow or deny access controls to things on the computer system. What this means for employees is that they will not have access to deny or allow controls. This is important so users cannot block each other and cannot see documents they are not supposed to have access to.
Role based access control means employees only have access to the information they need to do their jobs. For example, a janitor at a hospital would not need access to a computer with patient information. What this means for employees is they will have the information to do their job, but they will not receive any additional information.
Database access control in relation to security means individuals should not have access to the database who do not need the access. This is important because the database can be compromised if an unauthorized user has access to the database. What this means is employees who do not need access to the database will not be allowed to access the database. Employees who are allowed to access the database must act with integrity. What this means is no information should be taken and used for ill purposes. The system will only be available for the individuals who need to use the system all other individuals should not have access to the system.
Rouse. (n.d.). Retrieved from https://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC on April 23, 2020.
Smith. (2018). Retrieved from https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-16-account-monitoring/ on April 23, 2020.
ITAS365 – Unit 4 DB
American InterContinental University
For this week’s DB we are required to create three controls or policies that are to be utilized by LSS. As one may imagine this is a critical component when dealing with the security of network systems. Controls and policies are important as it is the set of rules implemented to ensure the safe navigation and distribution of data. They are created to ensure that no end-user gains more or less access than required to successfully carry out their jobs.
User Account Control is a security mechanism that utilizes Mandatory Access Controls on Window OS to prevent unauthorized changes to it. How this works as you can add permissions to enable a feature that will prevent any end-user other than the administrator from carrying out certain task. (Rusen, 2017) These modifications may be commenced by applications, end-users, viruses or malware. However, if the modifications aren’t approved by the administrator, they will not be implemented.
Access Control is an important security technique that allows for the regulation of whom and what may be accessed within a virtual environment. Role-based Access Controls limit who has access to what data, and what areas of not only the virtual environment but physical areas as well. In order to add RBAC, role definitions, assignments, and scope must be created. (Azure, 2020) I would utilize this method in addition to mandatory access controls as this will allow for a more strict and secure method by allowing only the administration to create, modify, and/or delete policies and control.
Database Access Control consist of a process that allows access to confidential information only upon the event that they were granted access. If they are not an authorized end-user access to the company’s database will be restricted. (Data Sunrise, 2020) This goes hand and hand with RBAC and MAC as mentioned above as to carry out securing the database two main things that must be present authentication and authorization.
Azure. (2020, April 17). What is role-based access control (RBAC) for Azure Resources. Retrieved from Microsoft Azure: https://docs.microsoft.com/en-us/azure/role-based-…
Data Sunrise. (2020, March 31). What is Access Control in Database Security. Retrieved from Data Sunrise: https://www.datasunrise.com/blog/professional-info…
Rusen, C. A. (2017, July 11). What is UAC and why you should never turn it off. Retrieved from Digital Citizen: https://www.digitalcitizen.life/uac-why-you-should…
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
At homeworkcheg.com, You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with at HomeworkCheg, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more