Access Control:Human Nature & Ways To Prevent Issues

How Access Control Takes Into Account Human Nature And Ways To Prevent Issues

Length, 2 – 3 pages.

All paper are written in APA formatting, include title and references pages (not counted). Must use at least two references and citations.

WE WRITE PAPERS FOR STUDENTS

Tell us about your assignment and we will find the best writer for your project

Write My Essay For Me

* paper will checked for plagiarism so please dont copy paste

Access Control, Authentication, and Public Key Infrastructure

Lesson 7

Human Nature and Organizational Behavior

Page ‹#›

IS404 Access Control, Authentication and PKI (PKI)

www.jblearning.com

09/23/10

Learning Objective and Key Concepts

Learning Objective

Define proper security controls within the User Domain to mitigate risks and threats caused by human behavior.

Key Concepts

Human resources access control considerations

User Domain security practices for human resources

Best practices for managing human risks

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

DISCOVER: CONCEPTS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Type of Threat	Organizations Reporting Issue
Rogue Modems	47%
Media Downloading	40%
Personal Devices	40%
Unauthorized Blogging	25%
Personal Instant Messaging (IM) Accounts	24%

10 Prevalent Insider Threats (Continued)

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Type of Threat	Organizations Reporting Issue
Rogue Modems	47 %
Media Downloading	40 %
Personal Devices	40 %
Unauthorized Blogging	25 %
Personal Instant Message (IM) Accounts	24 %

10 Prevalent Insider Threats (Continued)

Source: Edward Cone, Baseline magazine, March 25, 2009

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

User Domain Access Control Management

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Account Type

Justification for Secure Access

Internal User

Accountability, Auditing, and Assurance

The actions of each user’s account must be capable of being irrefutably linked to the account and the user assigned to that account.

Non-repudiation

External Remote User

Third Party

Privileged and System Accounts (Administrators)

Secure Network Access Considerations

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

DISCOVER: PROCESS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Pre-Employment Checks

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

What Information Can Be Considered

What Information Cannot be Considered

Applicant’s Rights

Consequences of a Bad Hiring Decision

Ongoing Observation of Personnel

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Identify Potentially Disgruntled Employees

Proper Ways to Revoke Access upon Employee Termination

DISCOVER: ROLES

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Roles and Responsibilities

Human Resources Department

Recruiting, retention, separation, development, promotion, welfare, and safety, health, and environment

Hiring Department Manager/Supervisor

Work specifications, data and application access, work supervision and review, promotion, reward, and discipline

Employee

Job knowledge and application, compliance with employment policies and procedures, and loyalty and ethical behavior

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

DISCOVER: RATIONALE

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Security Awareness Training Facts

Information technology (IT) security surveys conducted by well-known accounting firms found the following:

Many organizations have some awareness training.

Most awareness programs omitted important elements.

Less than 25% of organizations had no way to track awareness program effectiveness.

Source: http://www.lumension.com/Resources/Resource-Center/Protect-Vital-Information-Minimize-Insider-Risks.aspx

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Defining appropriate policies and procedures governing employee behavior

Educating employees about the policies and procedures relevant to them

Verifying employees’ understanding of relevant policies and procedures

Discovering and addressing behavioral shortcomings

Managing change over time

Best Practices for Managing Human Risks

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Summary

10 prevalent insider threats

User Domain access control management

Security awareness training

Best practices for managing human resources

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

09/23/10

Access Control, Authentication, and Public Key Infrastructure

Lesson 8

Access Control for Information Systems

www.jblearning.com

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Learning Objective

Implement appropriate access controls for information systems within information technology (IT) infrastructures.

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Key Concepts

The three states of data

File system access control lists

User account type privilege management

Access control best practices

Organization-wide layered infrastructure access control

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

DISCOVER: CONCEPTS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

The Three States of Data

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Data at Rest (DAR)

Stored on some device

Archived records

Data in Motion (DIM)

Sending an e-mail

Retrieving a Web page

Data in Process

Creating a new document

Processing a payment

DIM

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Use encryption to protect stored data:

Elements in databases

Files on network and shared drives

Files on portable or movable drives, Universal serial bus (USB), and flash drives

Files and shared drives accessible from the Internet

Personal computers (PCs), laptop hard drives, and full disk encryption

Protecting DAR

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Difficult to protect since it is being operated on by the central processing unit (CPU)

Protecting DIP

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

File System Access Controls

File system access controls will include logging of user activities on the:

Files

Applications

Systems

Access Controls at Different Levels in a System

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Trust-Based Peer to Peer (P2P)

Workgroup

Role-Based Access

Group-Based Files Access

Types of File System Access Controls

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Microsoft (MS) Windows versus UNIX

File system controls in MS Windows and UNIX are different, but used to accomplish the same objective–control access to data assets

Types of File System Access Controls (Continued)

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Windows Folder Permissions

Folder security properties in Windows 8

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

3/30/2015

Windows Folder Permissions

Editing folder permissions in Windows 8

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

3/30/2015

Windows Folder Permissions

Windows 8 advanced file permissions

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

3/30/2015

UNIX-based Rights

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

3/30/2015

Changing UNIX File Permissions

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

3/30/2015

DISCOVER: PROCESS

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Layered Protection Through IT Infrastructure

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Layered Protection Through IT Infrastructure (Continued)

DMZ 2

DMZ 1

Dual DMZ Configuration

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

DISCOVER: ROLES

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Roles and Responsibilities

Role	Responsibilities
System Owner	Owns System Authorizes access Performs non-technical access control review
Network Administrator	Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties
System Administrator	Grants access to system, applications, and data Provides special access as required Creates groups and assigns users and privileges Provides backup and recovery capabilities of systems, applications, and data

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Roles and Responsibilities (Continued)

Role	Responsibilities
Application Owner	Grants access to applications that manipulate data Maintains integrity of applications and processes
Data Owner	Maintains data integrity Authorizes distribution to internal and external parties
User	Uses systems, applications, and data to perform functions Creates file Assigns data classification

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Summary

Three states of data

Protecting DIM and DAR

File system access controls

User account type privilege management

Layered protection

Roles and responsibilities

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

Virtual Lab

Managing Linux Accounts

Page ‹#›

Access Control, Authentication, and PKI

www.jblearning.com

If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:

“In this lesson, you learned about user rights and file permissions. You also explored how access controls are implemented in various operating systems, such as Microsoft Windows and UNIX-based systems.

In the lab for this lesson, you will create new user accounts on a Linux virtual machine and grant administrator privileges to one of those user accounts. You will also create two new security groups, add user accounts to those groups, and then delete one of those user accounts.”

3/30/2015

Connection from

Internet

Firewall

External Router

Border Firewall Only

Internal Network

Connection from Internet

Router

Connection from Internet

DO MY ASSIGNMENT NOW!

I lOVE this Professional essay writing website. This is perhaps the fifth time I am placing an order with them, and they have not failed me not once! My previous essays and research papers were of excellent quality, as always. With this essay writing website, you can order essays, coursework, projects, discussion, article critique, case study, term papers, research papers, research proposal, capstone project, reaction paper, movie review, speech/presentation, book report/review, annotated bibliography, and more.

Post your homework questions and get original answers from qualified tutors!

How Access Control Takes Into Account Human Nature And Ways To Prevent Issues

Related Assignments

ESSAY lIVING WILLS, DISRUPTIVE PHYSICIANS, PATIENT SAFETY IN HEALTHCARE, OR NEW REPRODUCTIVE TECHNOLOGY

His pain is being managed by an epidural CADD pump. What is this method and what are your key assessment parameters? How do your findings impact on patient care?

Zeus the Terrible in Aeschylus’ “Prometheus Bound” Essay