15-line report about access control policies; choose
the best category for your company with more than 17000 employees
--
- While planning for the organization, as a system advisor, the
access control system needs to be considered, which includes the
access control policy, models and mechanisms.
- The access control policy is the set of high-level requirements
that specify how access is managed and by whom the information will
be accessed under what circumstances.
- High-level access control is the selective restriction of
access to data, and it contains two components:
authentication and authorization.
- Authentication is the technique used to verify that
someone is who they claim to be. Authentication alone
is not sufficient to protect data.
- The servers, applications and network devices that transmit data,
and that the organization's staff and employees, contractors and
vendors connect to, need to be considered high
security systems.
- Access control will minimize unauthorized use of resources
and protect the confidentiality, integrity and availability of the
organization's networks, applications and systems.
The Report of access control policy --
- Access control to high security systems will be implemented
through an automated control system.
- Access to high security systems will be provided to users
based on the organization's requirements, responsibilities and job
functions.
- Account creation, modification and deletion, and
access to protected data and network resources,
will be completed by the server operation group.
- The users of the organization who access high
security systems will utilize a separate, unique account,
and the account will follow these rules --
- The password should meet the ITS password
standard.
- An account that is inactive should be disabled after
90 days.
- Access should be monitored while the account is in
use.
- Repeated access attempts should be limited by locking the user ID if
the user tries more than six times.
- No modems or wireless access points should be allowed
on high security networks, nor any remote access technology that is
unapproved.
- The remote access should be authenticated and encrypted through
the organization's VPN.
- Two-factor authentication must be included in remote access,
for example a username and password and PIN
combination.
- The machine used for remote access should have
antivirus and a host-based firewall installed, enabled
and running.
- Password reset requests should be submitted to the
treasurer's office and should be verified by a manager.
- Physical access should have the approval of the ITS infrastructure
services director.
- The ITS infrastructure services director and the information
security team should audit physical access to ITS data
centers on an annual basis.