Access Control: Human Nature & Ways To Prevent Issues

How Access Control Takes Into Account Human Nature And Ways To Prevent Issues

Length: 2 to 3 pages.

All papers are written in APA format and include title and reference pages (not counted toward the length). You must use at least two references, with citations.

* The paper will be checked for plagiarism, so please do not copy and paste.

 

Access Control, Authentication, and Public Key Infrastructure

Lesson 7

Human Nature and Organizational Behavior

© ITT Educational Services, Inc. All rights reserved.

IS404 Access Control, Authentication and PKI

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.

09/23/10


Learning Objective and Key Concepts

Learning Objective

Define proper security controls within the User Domain to mitigate risks and threats caused by human behavior.

Key Concepts

Human resources access control considerations

User Domain security practices for human resources

Best practices for managing human risks


DISCOVER: CONCEPTS



10 Prevalent Insider Threats (Continued)

Type of Threat                               Organizations Reporting Issue
Rogue modems                                 47%
Media downloading                            40%
Personal devices                             40%
Unauthorized blogging                        25%
Personal instant messaging (IM) accounts     24%

Source: Edward Cone, Baseline magazine, March 25, 2009


User Domain Access Control Management


Secure Network Access Considerations

Account types:

Internal User

External Remote User

Third Party

Privileged and System Accounts (Administrators)

Justification for secure access, for each account type above: accountability, auditing, and assurance, and non-repudiation. The actions of each user's account must be capable of being irrefutably linked to the account and to the user assigned to that account.


DISCOVER: PROCESS


Pre-Employment Checks


What Information Can Be Considered

What Information Cannot Be Considered

Applicant’s Rights

Consequences of a Bad Hiring Decision

Ongoing Observation of Personnel


Identify Potentially Disgruntled Employees

Proper Ways to Revoke Access upon Employee Termination
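The following is an added example, not part of the slides or the Jones & Bartlett text: a POSIX shell script showing one defensible order of operations for revoking a departing employee's access on a single Linux host. The account name jdoe, the archive directory, and the assumption that each user has a private primary group of the same name are illustrative. With DRY_RUN=1 it prints the privileged commands instead of running them, which is how it can be reviewed (and tested) without root.

```shell
# Added example, not from the slides: revoking a departing employee's access
# on one Linux host. Every privileged step goes through run(), which prints
# the command instead of executing it when DRY_RUN=1. Account name, archive
# directory and the private-group convention are assumptions.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# revoke_access USER [ARCHIVE_DIR]
revoke_access() {
    user="$1"
    archive="${2:-/srv/offboarding}"
    stamp=$(date +%Y%m%d)

    # 1. Stop new logins first. usermod -L only locks the password hash, which
    #    does nothing against SSH public-key logins; setting the account expiry
    #    to day 0 makes every authentication method fail the account check.
    run usermod -L "$user"
    run chage -E 0 "$user"
    run usermod -s /usr/sbin/nologin "$user"

    # 2. Then end what is already running: live sessions, and scheduled jobs
    #    that would otherwise keep executing as the user after they are gone.
    run pkill -KILL -u "$user"
    run crontab -r -u "$user"

    # 3. Strip standing privilege: the sudoers drop-in and every supplementary
    #    group. The user's own private group (same name as the user) is skipped.
    run rm -f "/etc/sudoers.d/$user"
    groups=$(id -nG "$user" 2>/dev/null || true)
    for g in $groups; do
        if [ "$g" != "$user" ]; then
            run gpasswd -d "$user" "$g"
        fi
    done

    # 4. Latent credentials: the user's own authorized_keys are dead after
    #    step 1, but are renamed rather than deleted so they remain on record.
    #    Keys this user may have planted in other accounts need a separate review.
    run mv "/home/$user/.ssh/authorized_keys" \
           "/home/$user/.ssh/authorized_keys.revoked-$stamp"

    # 5. Preserve rather than delete: the home directory is evidence and may
    #    hold work product, and userdel would leave an orphaned UID in the logs.
    run tar -czf "$archive/$user-$stamp.tar.gz" "/home/$user"
}

# Usage: DRY_RUN=1 revoke_access jdoe        # review the plan
#        revoke_access jdoe /srv/offboarding  # as root, for real
```

The same sequence applies to directory services and SaaS accounts, where "kill sessions" means revoking tokens and refresh tokens rather than processes; in both cases the lock comes before the clean-up, and nothing that could be evidence is deleted.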

DISCOVER: ROLES


Roles and Responsibilities

Human Resources Department

Recruiting, retention, separation, development, promotion, welfare, and safety/health/environment

Hiring Department Manager/Supervisor

Work specifications, data and application access, work supervision and review, promotion, reward, and discipline

Employee

Job knowledge and application, compliance with employment policies and procedures, and loyalty and ethical behavior


DISCOVER: RATIONALE


Security Awareness Training Facts

Information technology (IT) security surveys conducted by well-known accounting firms found the following:

Many organizations have some awareness training.

Most awareness programs omitted important elements.

Fewer than 25% of organizations had any way to track the effectiveness of their awareness program.

Source: http://www.lumension.com/Resources/Resource-Center/Protect-Vital-Information-Minimize-Insider-Risks.aspx


Best Practices for Managing Human Risks

Defining appropriate policies and procedures governing employee behavior

Educating employees about the policies and procedures relevant to them

Verifying employees' understanding of relevant policies and procedures

Discovering and addressing behavioral shortcomings

Managing change over time


Summary

10 prevalent insider threats

User Domain access control management

Security awareness training

Best practices for managing human risks


Access Control, Authentication, and Public Key Infrastructure

Lesson 8

Access Control for Information Systems


Learning Objective

Implement appropriate access controls for information systems within information technology (IT) infrastructures.


Key Concepts

The three states of data

File system access control lists

User account type privilege management

Access control best practices

Organization-wide layered infrastructure access control


DISCOVER: CONCEPTS


The Three States of Data


Data at Rest (DAR)

Stored on some device

Archived records

Data in Motion (DIM)

Sending an e-mail

Retrieving a Web page

Data in Process (DIP)

Creating a new document

Processing a payment



Protecting DAR

Use encryption to protect stored data:

Elements in databases

Files on network and shared drives

Files on portable or removable drives, including USB flash drives

Files and shared drives accessible from the Internet

Personal computers (PCs) and laptop hard drives (full disk encryption)


Protecting DIP

Data in process is difficult to protect because, while the central processing unit (CPU) is operating on it, it must be held in cleartext in registers and memory.


File System Access Controls

Access Controls at Different Levels in a System

File system access controls include logging of user activities on:

Files

Applications

Systems
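Logging of user activity on files is only a control if something reads the log. The following is an added example, not from the slides or the Jones & Bartlett text: a small shell/awk detector run over a handful of constructed sudo log lines (syslog format, embedded inline). It flags three conditions a file system access review cares about: a sudo invocation by an account outside the approved administrator list, a chmod that grants write access to "other", and a bulk copy of a sensitive directory tree. The host name fs01, the user names, the administrator list, and the path /srv/finance are all assumptions for illustration.

```shell
# Added example, not part of the slides: detection over sudo log lines.
# The sample log is constructed; host, users and /srv/finance are assumptions.
SAMPLE_SUDO_LOG=$(cat <<'EOF'
Mar 30 09:12:01 fs01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/chmod 2770 /srv/finance
Mar 30 23:47:13 fs01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/chmod -R 777 /srv/finance
Mar 30 23:49:40 fs01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/fin.tgz /srv/finance
Mar 31 08:03:22 fs01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 31 08:10:05 fs01 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/cat /etc/shadow
EOF
)

# flag_sudo_events "ADMIN1 ADMIN2 ..." SENSITIVE_PATH  < logfile
# Prints one tab-separated finding per line: RULE, actor, command.
flag_sudo_events() {
    awk -v admins=" $1 " -v sensitive="$2" '
    /sudo:/ && /COMMAND=/ {
        # actor is the word between "sudo:" and " : TTY="; command follows COMMAND=
        user = $0; sub(/.*sudo:[ \t]*/, "", user); sub(/ : TTY=.*/, "", user)
        cmd  = $0; sub(/.*COMMAND=/, "", cmd)
        n = split(cmd, w, " ")
        base = w[1]; sub(/.*\//, "", base)

        # Rule 1: actor is not on the approved administrator list.
        if (index(admins, " " user " ") == 0)
            print "UNAUTHORIZED-SUDO\t" user "\t" cmd

        # Rule 2: chmod that grants write to "other": numerically the last
        # octal digit is 2, 3, 6 or 7; symbolically a clause whose "who" is
        # empty, a, or contains o, with + or = and a w in the permissions.
        if (base == "chmod") {
            mode = ""
            for (i = 2; i <= n; i++) if (w[i] !~ /^-/) { mode = w[i]; break }
            if (mode ~ /^[0-7]*[2367]$/ || mode ~ /(^|,)([ugoa]*[oa][ugoa]*)?[+=][rwxXst]*w/)
                print "WORLD-WRITABLE\t" user "\t" cmd
        }

        # Rule 3: a bulk-copy tool pointed at the sensitive tree.
        if ((base == "tar" || base == "cp" || base == "rsync" || base == "scp") && index(cmd, sensitive) > 0)
            print "BULK-COPY\t" user "\t" cmd
    }'
}

# count_findings "ADMINS" SENSITIVE_PATH < logfile  -> number of findings,
# the value a cron job would alert on when it is greater than zero.
count_findings() {
    flag_sudo_events "$1" "$2" | grep -c .
}

# Usage: printf '%s\n' "$SAMPLE_SUDO_LOG" | flag_sudo_events "alice bob carol" /srv/finance
```

On the sample above the detector reports bob's chmod 777 as world-writable, bob's tar of /srv/finance as a bulk copy, and dave's sudo as unauthorized; alice's chmod 2770 and carol's service restart are normal administration and produce nothing. In production the same awk runs over /var/log/auth.log or journalctl output, and the administrator list comes from the group membership the slides' roles define, not from a literal in the script.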


Types of File System Access Controls

Trust-Based Peer to Peer (P2P)

Workgroup

Role-Based Access

Group-Based File Access


Types of File System Access Controls (Continued)

Microsoft (MS) Windows versus UNIX

File system controls in MS Windows and UNIX differ in form, but both are used to accomplish the same objective: controlling access to data assets.


Windows Folder Permissions

Folder security properties in Windows 8


3/30/2015


Windows Folder Permissions

Editing folder permissions in Windows 8


Windows Folder Permissions

Windows 8 advanced file permissions


UNIX-based Rights


Changing UNIX File Permissions
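As an added example, not from the slides: the shared-directory pattern that group-based file access on UNIX relies on, written as POSIX shell functions that run on any Linux or UNIX host without root. It shows the two settings that make chmod on a shared directory actually work over time (the setgid bit and the umask) and a check for files that leak outside the group. Directory and group names are illustrative.

```shell
# Added example, not from the slides: group-based access to a shared directory
# on Linux/UNIX, and a check for files that grant anything to "other".
# Directory and group names are illustrative.

# make_shared_dir DIR [GROUP]
# Mode 2770: owner and group get rwx, everyone else nothing. The leading 2 is
# the setgid bit, which makes new files inside inherit DIR's group rather than
# the creator's primary group, so group-based access keeps working as people
# add files. GROUP is optional because chgrp to a group you are not a member
# of requires root.
make_shared_dir() {
    mkdir -p "$1"
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$1"
    fi
    chmod 2770 "$1"
}

# create_in_shared DIR NAME
# umask 007 strips every "other" bit from the default 666, so the file comes
# out 660 (rw-rw----). The subshell keeps the umask from leaking to the caller.
create_in_shared() {
    (umask 007 && : > "$1/$2")
}

# perm_string PATH  -> the 10-character mode column of ls -l, e.g. drwxrws---
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# find_overexposed DIR
# Lists every file or directory under DIR that grants read, write or execute
# to "other", which a group-restricted share should never contain. Symbolic
# links are skipped because their own mode bits are meaningless.
find_overexposed() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Usage:
#   make_shared_dir /srv/finance finance   # as root, or omit the group
#   create_in_shared /srv/finance report.txt
#   perm_string /srv/finance               # drwxrws---
#   find_overexposed /srv/finance          # should print nothing
```

Without the setgid bit a file created by a user whose primary group is "users" would carry that group, and the finance group would lose access to it even though the directory mode looks right; without the umask, files arrive as 664 and the find_overexposed check lists them.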


DISCOVER: PROCESS


Layered Protection Through IT Infrastructure


Layered Protection Through IT Infrastructure (Continued)

Dual DMZ Configuration

[Figure: dual DMZ configuration; only the labels DMZ 1 and DMZ 2 survive from the diagram.]


DISCOVER: ROLES


Roles and Responsibilities

System Owner: owns the system; authorizes access; performs non-technical access control review.

Network Administrator: manages host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users; troubleshoots networks, systems, and applications to identify and correct malfunctions and other operational difficulties.

System Administrator: grants access to systems, applications, and data; provides special access as required; creates groups and assigns users and privileges; provides backup and recovery capabilities for systems, applications, and data.


Roles and Responsibilities (Continued)

Application Owner: grants access to applications that manipulate data; maintains the integrity of applications and processes.

Data Owner: maintains data integrity; authorizes distribution to internal and external parties.

User: uses systems, applications, and data to perform job functions; creates files; assigns data classification.


Summary

Three states of data

Protecting DIM and DAR

File system access controls

User account type privilege management

Layered protection

Roles and responsibilities


Virtual Lab

Managing Linux Accounts


If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:

 

“In this lesson, you learned about user rights and file permissions. You also explored how access controls are implemented in various operating systems, such as Microsoft Windows and UNIX-based systems.

 

In the lab for this lesson, you will create new user accounts on a Linux virtual machine and grant administrator privileges to one of those user accounts. You will also create two new security groups, add user accounts to those groups, and then delete one of those user accounts.”
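An added example, not from the lab manual or the slides, that performs the lab's steps as a reviewable script: create accounts, create groups and add the accounts to them, grant one account administrator privilege, and delete an account. Administrator privilege is granted as a limited sudoers drop-in rather than blanket membership in the wheel or sudo group, and deletion is preceded by the orphaned-file check that userdel does not do for you. With DRY_RUN=1 the privileged commands are printed instead of executed. The user, group and command names are assumptions used for illustration.

```shell
# Added example, not from the lab or the slides: provisioning accounts and
# groups, granting limited sudo, and deleting an account. With DRY_RUN=1 the
# privileged commands are printed, not executed. Names are illustrative.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# provision_user USER "GROUP1 GROUP2 ..."
# Creates any missing groups first (groupadd -f succeeds if the group exists),
# creates the account with a home directory, appends the supplementary groups
# with -aG (without -a, usermod -G replaces the whole list), and forces a
# password change at first login so the initial password is never the
# long-term one.
provision_user() {
    user="$1"
    for g in $2; do
        run groupadd -f "$g"
    done
    run useradd -m -s /bin/bash "$user"
    for g in $2; do
        run usermod -aG "$g" "$user"
    done
    run chage -d 0 "$user"
}

# sudoers_line USER "CMD1, CMD2 ..."  -> the one-line sudoers entry granting
# only the listed commands, as root, with a password prompt.
sudoers_line() {
    printf '%s ALL=(root) %s\n' "$1" "$2"
}

# grant_limited_sudo USER "CMD1, CMD2 ..."
# Writes the entry to a temp file, has visudo check the syntax, and only then
# installs it root-owned and read-only under /etc/sudoers.d, so a typo can
# never break sudo for everyone.
grant_limited_sudo() {
    user="$1"
    tmp=$(mktemp)
    sudoers_line "$user" "$2" > "$tmp"
    run visudo -cf "$tmp"
    run install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$user"
    rm -f "$tmp"
}

# delete_user USER
# Files the user owns outside the home directory keep the numeric UID after
# userdel, and a future account that reuses that UID silently inherits them,
# so they are listed before the account is removed.
delete_user() {
    user="$1"
    run find / -xdev -user "$user" ! -path "/home/$user/*" -print
    run userdel -r "$user"
}

# Usage (as root, or prefix with DRY_RUN=1 to review):
#   provision_user jdoe "finance audit"
#   grant_limited_sudo jdoe "/usr/bin/systemctl restart nginx, /usr/bin/journalctl"
#   delete_user jdoe
```

Granting "administrator privileges" as a group membership in the lab is the quick path; the sudoers drop-in is the least-privilege version of the same step, and the visudo check before install is what keeps an editing mistake from locking every administrator out.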


[Figure from the "Layered Protection Through IT Infrastructure" slide; labels recovered from the diagram: Connection from Internet, External Router, Firewall, Router, Internal Network; caption "Border Firewall Only".]
