Access control starts with assessing risks so you can properly identify potential threats and determine how to mitigate them. Your CIO has asked you to conduct a risk assessment on a newly acquired division that works on product development and has its own servers, which will be joined to the existing network.
Describe the steps you would take, including the areas you would assess and the reasoning for your approach.
Would you use a qualitative or quantitative approach to this assessment? Justify your reasoning.
Are there any external tools or websites that would be useful when conducting an assessment?
Share your findings with your classmates, provide links to any useful resources you find, and make sure you cover all three aspects of the topic.
All aspects of a business are vital, though some have more impact on the bottom line. Permissions and access control are given based on what users need and not on what they want. This is called the policy of least privilege. Based on this week’s reading, answer the following question:
Mistakes happen, even when creating users. In your opinion, if a user is given more access than they need and uses it to traverse to sections of the network that are not part of their job responsibilities, who is liable if trade information is stolen? Justify your answer. Outline the steps you would take to ensure proper access control is being maintained and users have the correct rights. Using the Internet, look for an article on a recent breach in access control. Summarize the article, the event, and the issue that created the breach. What steps would you have taken in a similar situation?
Deter Information Theft
Federal and State laws act as a deterrent to information theft but also make it necessary for businesses to protect sensitive data. There are penalties for stealing information, as well as penalties for failing to protect it.
Describe the Computer Fraud and Abuse Act and how it influenced businesses. Next, using the Internet, search for your State’s laws that are designed to protect sensitive data. Share the details of the law, as well as how it is enforced in the event of noncompliance. Compare the Federal Law with your state law and decide if more legislation is required. Be sure to justify your answer.