Question

You are hired in “Global IT Professional Pty Ltd” as an IT System advisor. The IT manager asked you to come with 15 lines report about Access Control Policies and choose the best category for you company with more than 17,000 employees. You need to explain why you have chosen that Access Policy.

Answer 1

ANSWERS :

ANS 1. The access control policies provides controlled access to the physical computer, building or the software to maintain the security . It provides details about the controllling and accessing the information and systems.

It provides main functions which are : user access , risk managment , giving access to files and documents , providing the remote access to the user .

There are basically 3 types of access control policies which are :

1. DAC ( Discretionary Access Control )

2. MAC ( Mandatory Access Control )

3. RBAC ( Role Based Access Control )

Benifits of Access Control policies :

1. The access control mainly provides the authentication to the only required proffesionals and provide them with the neccessary password or key to get access into the company premises or building.

2. It keeps a track on all the employees as in when they enter or leave .

3. It secures the most sensitive and important data from getting exploited.

4. Because of this there is less theft and stealing of data.

The access control policy that is suitable for this organisation is MAC ( Mandatory Access Control ) .

Reasons for choosing this access control policy :

1. It checks and maintains that only the people working in the organization gets access to the building.

2. Since this organization has large number of people working so it will not be the best idea to provide complete access to all the software to all the people working, so this MAC comes into play it provides confidentiality and limited access of data to the workers itself meaning that the people working gets the access to the specific department and software they need not the whole.

3. Altough it has high implementation cost and maintainence but it provides very high level of security compared to all the other access controls.

4. There is only one administrator that has all the access rights and not all the emplopees this leads to less confusion and the data and software can be secured as the main access of data is limited and any alteration or theft of data can be easily identified.