ORGANIZATION-WIDE SECURITY PLAN
Implementation of an Organization-Wide Security Plan
Relevant IT infrastructure domains to envision, design, and develop access controls.
The relevant IT infrastructure domains for which access controls must be designed are the user domain, the workstation domain, the LAN (Local Area Network) domain, the LAN-to-WAN domain, the WAN (Wide Area Network) domain, the remote access domain, and the system/application/storage domain (Chapple, 2013). The design will combine antivirus software, internet usage restrictions, firewalls, and username/password authentication to apply selective restrictions in each of these domains (Peltier, 2013).
An Organization-Wide Access Control Plan.
The organization-wide access control plan will apply appropriate access controls to each part of the system. For storage and equipment areas, the plan will restrict physical access and add secondary locks, especially on database servers (Peltier, 2013). Encryption policies will protect sensitive data. A strong password policy will be enforced: passwords must combine uppercase and lowercase letters, numbers, and special characters (Chapple, 2013). The technology used to protect confidential and personal data must be updated promptly as risks and threats change. A network-based access control system will be added to close the gaps left by the current technical controls, so that the privacy and confidentiality of data are maintained; the same system must also protect the security and safety of the network itself (Chapple, 2013). User accounts will be integrated into the system with defined roles and only the privileges those roles require.
Smart cards, firewalls, keypads, passwords, intrusion detection systems, and tokens are among the devices and mechanisms the access control plan will include (Peltier, 2013). The plan will use Active Directory, Microsoft's Windows-based directory and authentication service. Access to file shares, the network, applications, printers, desktops, laptops, scanners, remote access, and wireless access points will be limited according to each employee's position and role in the organization (Peltier, 2013). A least-privilege baseline will ensure that no single employee has full control of the whole system.
Active Directory lets administrators authenticate and authorize users and computers, assign and enforce security settings on all domain-joined computers, and control the installation and updating of software (Chapple, 2013). Access will be restricted according to the permissions set for and assigned to each user. Shared folders will serve multiple users working from different computers (Hsieh, 2015). The Active Directory structure will define the organizational units (OUs) that determine where a user belongs and which permissions apply when they access the system (Hsieh, 2015). Layering several independent controls across all the domains ensures that the network remains protected even when a single layer of control fails.
The access control plan will also include comprehensive training for all users, covering social engineering techniques and the protection of user IDs and passwords (Kim, 2013). Strong anti-malware (antivirus) software will be installed and regularly updated on all devices, including smartphones, tablets, and computers. A firewall will protect the LAN-to-WAN and WAN domains from unauthorized access, and the firewall and switches will also serve as intrusion detection and prevention systems that alert administrators to internal or external attacks on the LAN-to-WAN and LAN domains.
All authorized users will log on to their devices with a unique ID and password, and they will also be required to verify their identity with a second factor (a token or smart card), further protecting the LAN and workstation domains. Their credentials will grant only the access privileges needed for the resources and information their jobs require (Chapple, 2013). This limits the damage that can be done if a user's credentials are compromised, which further protects the workstation and LAN domains.
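As an added example (not code from the original plan), the following PowerShell script shows how the role-based structure described in this section can be built in Active Directory: one organizational unit per department, role groups that carry the permissions, departmental file shares whose share and NTFS ACLs admit only the department's role group, a per-user workstation restriction, and a check that nobody outside the IT administrators holds Domain Admins. It is meant to run on the file server with the RSAT ActiveDirectory module installed; the OU, group and share names, the path D:\Shares, the workstation names and the account jdoe are assumptions chosen for illustration.

```powershell
# Added example, not part of the original plan. Assumptions: domain-joined file
# server with the RSAT ActiveDirectory module, shares under D:\Shares, and the
# OU/group/workstation/account names used below.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example,DC=local
$netbios  = (Get-ADDomain).NetBIOSName         # e.g. CORP

# 1. OUs: the OU a user sits in determines which policies and roles apply to it.
$ous = 'Executives', 'Managers', 'Employees', 'Sales', 'Shipping', 'IT-Admins', 'Guests', 'Groups'
foreach ($name in $ous) {
    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$name)" -SearchBase $domainDN)) {
        New-ADOrganizationalUnit -Name $name -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
}

# 2. Role groups (the "User Roles" column of the access-control table). Rights are
#    granted to groups, never to individual accounts, so a role change is a group change.
$roleGroups = 'Role-Author', 'Role-AdvancedAuthor', 'Role-Contributor', 'Role-SysAdmin', 'Role-NetAdmin'
foreach ($g in $roleGroups) {
    if (-not (Get-ADGroup -LDAPFilter "(sAMAccountName=$g)")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path "OU=Groups,$domainDN"
    }
}

# 3. Departmental shares: the department's role group gets Modify, administrators get
#    Full Control, and inheritance is removed so the default "Users: Read" entry does
#    not let other departments list the files. Share ACL and NTFS ACL must both be set.
$shares = @{ 'Sales' = 'Role-AdvancedAuthor'; 'Shipping' = 'Role-Author' }
foreach ($share in $shares.Keys) {
    $path  = "D:\Shares\$share"
    $group = "$netbios\$($shares[$share])"
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    icacls $path /inheritance:r /grant:r "${group}:(OI)(CI)M" "BUILTIN\Administrators:(OI)(CI)F" | Out-Null
    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name $share -Path $path -ChangeAccess $group -FullAccess 'BUILTIN\Administrators' | Out-Null
    }
}

# 4. Workstation domain: a sales account may log on only to the sales department's
#    machines (the "Physical Access" column), not to any workstation in the building.
Add-ADGroupMember -Identity 'Role-AdvancedAuthor' -Members 'jdoe'
Set-ADUser -Identity 'jdoe' -LogonWorkstations 'WS-SALES-01,WS-SALES-02'

# 5. Least-privilege check: no account outside the IT-Admins OU may be a Domain Admin.
$violations = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser |
    Where-Object { $_.DistinguishedName -notlike "*OU=IT-Admins,$domainDN" }
if ($violations) {
    Write-Warning "Domain Admins members outside the IT-Admins OU: $($violations.SamAccountName -join ', ')"
}
```

The final check is the one to schedule: group membership drifts as people are "temporarily" added to Domain Admins, and the least-privilege baseline only holds if someone is alerted when a business account appears there.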
3. Detailed implementation procedures and plans to help in the execution of the organization-wide access control plan.
The implementation plans and procedures will first establish proper identification and authentication procedures by enforcing the password policy. Second, access and account controls will restrict access to the different parts of the network and system (Kim, 2013). The system will include session controls that prevent a user from being logged on to more than one workstation at the same time. The plan will use security products such as intrusion detection systems, firewalls, and encryption. Anti-malware protection will guard against viruses, spyware, and other malware, including malware delivered through phishing (Chapple, 2013). Lastly, network maintenance will include the timely application of security patches.
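The password policy is stated in the access control plan above and is the first implementation step here. As an added example (not code from the original plan), this PowerShell script enforces it in Active Directory: a domain-wide policy with complexity, minimum length, history and lockout, a stricter fine-grained policy for administrator accounts, and a function that reports which policy actually applies to a given account. The group names Role-SysAdmin and Role-NetAdmin, the account jdoe and the numeric values are assumptions; adjust them to the organization's own policy.

```powershell
# Added example, not part of the original plan. Assumptions: RSAT ActiveDirectory
# module, role groups Role-SysAdmin / Role-NetAdmin, sample account jdoe, and the
# length/lockout values below.
Import-Module ActiveDirectory
$domain = Get-ADDomain

# 1. Default domain policy for everyone. Windows "complexity" requires characters
#    from three of the four classes (upper, lower, digit, symbol), so it is paired
#    with a minimum length; lockout limits online password guessing.
Set-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot `
    -ComplexityEnabled $true `
    -MinPasswordLength 12 `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 365) `
    -LockoutThreshold 10 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# 2. Stricter fine-grained password policy (PSO) for administrator accounts:
#    longer passwords, shorter lifetime, tighter lockout. When several PSOs apply
#    to an account, the one with the lowest Precedence wins.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq 'PSO-Admins'")) {
    New-ADFineGrainedPasswordPolicy -Name 'PSO-Admins' -Precedence 10 `
        -ComplexityEnabled $true -MinPasswordLength 16 -PasswordHistoryCount 24 `
        -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 90) `
        -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Hours 1) `
        -LockoutObservationWindow (New-TimeSpan -Hours 1) -ReversibleEncryptionEnabled $false
}
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins' -Subjects 'Role-SysAdmin', 'Role-NetAdmin'

# 3. Verification: show the resultant policy for an account. If no PSO applies,
#    the default domain policy is in force. ReversibleEncryptionEnabled must be
#    $false everywhere, or passwords are stored in a recoverable form.
function Test-PasswordPolicy {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $pso = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    if ($null -eq $pso) { $pso = Get-ADDefaultDomainPasswordPolicy }
    [pscustomobject]@{
        Account    = $SamAccountName
        Policy     = if ($pso.Name) { $pso.Name } else { 'Default Domain Policy' }
        MinLength  = $pso.MinPasswordLength
        Lockout    = $pso.LockoutThreshold
        Reversible = $pso.ReversibleEncryptionEnabled
    }
}

Test-PasswordPolicy -SamAccountName 'jdoe'
```

Run Test-PasswordPolicy against one business account and one administrator account after applying the script; the administrator should report the PSO and a 16-character minimum, the business account the default domain policy.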
Employees are responsible for safeguarding the availability, integrity, and confidentiality of data that the company generates, stores, accesses, transmits, changes, or uses (Chapple, 2013). Each department will implement the technical, physical, and operational access controls required by the policy to protect public data, official-use-only data, and confidential data (Peltier, 2013).
Access Control Descriptions:

| User Accounts | Physical Access | Necessary Privileges | User Roles | Access Mechanisms |
|---|---|---|---|---|
| Chief Executive Officer (CEO) | All | Administrator | Author role | Badge, system authentication (username/password) |
| Executives | All | Administrator | Author role | Badge, system authentication (username/password) |
| General Manager | All | Administrator | Author role | Badge, system authentication (username/password) |
| Manager | All | Log in; create, delete, and manage user accounts | Author role | Badge, system authentication (username/password) |
| Employees | Relevant workstation | Log in locally; files and directories | Contributor role | Badge, system authentication (username/password) |
| Receiving/Shipping Department | Shipping/Receiving area; all employee stations | Log in locally; receiving files | Author role | Badge, system authentication (username/password) |
| Sales Department | Sales department station | Log in locally; sales files | Advanced Author | Badge, system authentication (username/password) |
| Customers/Clients | Guest/lobby access | Guest | Browser | Guest (temporary) badge; guest system authentication when needed (username/password) |
| Information Technology Systems Admin | All | Administrator | | Badge, system authentication (username/password) |
| Information Technology Network Admin | All | Administrator | | Badge, system authentication (username/password) |

Note that the table as written grants Administrator privileges to the CEO, the executives, and the general manager, which conflicts with the least-privilege baseline stated above. Administrative rights should be limited to the IT systems and network administrators, with business leadership holding the Author role only.
References
Chapple, M., Ballad, B., Ballad, T., & Banks, E. (2013). Access control, authentication, and public key infrastructure. Jones and Bartlett Publishers, Inc.
Hsieh, C. H., Lai, C. M., Mao, C. H., Kao, T. C., & Lee, K. C. (2015). AD2: Anomaly detection on active directory log data for insider threat monitoring. In 2015 International Carnahan Conference on Security Technology (ICCST) (pp. 287-292). IEEE.
Kim, D., & Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Learning.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.