Question

Access controls provide the ability to allow or deny access to critical information and devices on a network. Access controls can be physical or logical.

In a 500- to 750-word essay, develop a plan for implementing access control models in an enterprise. Make sure to address the following:

1. Which of the elements of access control would you use in your plan? Would you use them all? Why?
2. What are some of the best practices concerning access control? For example, multi-factor authentication or bio-metrics.
3. Defend the strategy for your plan.

Prepare this assignment according to the guidelines found in the APA Style Guide. Please cite all references

Answer 1

Access Control:

Access Control mechanism facilitates to allow or deny access to some critically important information and network devices. You can control accesses physically or logically as per the current requirement or plan. While developing plan for implementing access control model in an enterprise, first thing to analyze is, the type of enterprise, how it works. That will help you to analyze what type of access control mechanism can be incorporated into that enterprise model.

In broader perspective, access control can be modeled in three categories:

1. Physical

2. Technological

3. Administrative

Let's have a brief on all of three:

1. Physical Access Control:

This is related to actual physical intervention of people (staff), entrances, premises, server rooms or working area etc. We should provide proper access control to these physical instances to make sure right person is provided with right access over physical things. For example, entrance of office premises should be managed by some bio-metric authentication which will make sure only staff of office can enter the premises. This also comprises of CCTV serveillance in enterprise for making sure correct access control over physical instances. Different networks can be segregated into different areas. For example, computer systems for employees can be combined in one premise and all network hardware like routers, switches can be put into different area as part of physical access control.

2. Technological Access Control:

This will include access control over softwares that industry uses, server rooms managed by enterprise. We should have correct level of access to the deserving employee role. For example, administrative rights should not be given to peon staff over the company software. This can also be treated as Role-based Access Control which means user will be given access as per his/her role in that enterprise. Network access and system access is distributed as per the role throughout enterprise. Ideally, the most sensitive data is accessed by most responsible person. Encryption is performed on some data while storing to provide security to sensitive data as part of technological access control. Technological boundaries will be intact to the roles designed by enterprise. Alerts and Anti virus softwares are also examples of technological access control.

3. Administrative Access Control:

These are generally designed by higher management of enterprise. Mainly it comprises of procedures and policies to be followed by each employee of enterprise be it an employee, supervisor or manager. Some security polices are enforced on employees so that enterprise can function securely and deliver as expected. Some trainings can be conducted as part of plan for administrative access control to make employees aware of the policies. Duty rotation is also one of the famous step in administrative access control plan to avoid frauds and security breaches.