You are hired at “Global IT Professional Pty Ltd” as an IT System advisor. The IT manager asked you to come up with a 15-line report about Access Control Policies and choose the best category for your company with more than 17,000 employees. You need to explain why you have chosen that Access Policy.
Access Control Policy – Password Access
User Audience: All the employees of Global IT Professional Pty Ltd
Category: Password Access Management
Overview
This password access management policy outlines the access control requirements for the information technology systems of Global IT Professional Pty Ltd. This policy is intended to ensure that all Company systems are properly protected against unauthorized access, while permitting authorized users (mainly employees) to conduct business.
To deal with unauthorized access to our information, we are required to notify the Service Desk if we suspect that our password and/or PIN codes have been compromised, and to change them quickly to prevent unauthorized access to the Company systems.
Password Requirements for the Company Employees Access:
· Passwords should not be set to a “never expire” state, as this can badly impact privacy.
· Passwords should not contain our name or parts of our full name, such as a whole first name.
· Passwords must be changed every 90 (ninety) days for better security.
· Passwords will be rendered unreadable (encrypted) when being stored or transmitted.
· Passwords should not match any of the last six passwords used with the same unique ID.
· A user will be locked out after more than 10 incorrect attempts, and will remain locked out for 10 minutes or until an admin re-enables the ID.
· Passwords should be at minimum 8 characters in length.
· Each password must contain at least one alphanumeric character along with at least 3 of the following:
o Uppercase alphabet characters (A to Z)
o Numeric digits (0 to 9)
o Lowercase alphabet characters (a to z)
o Special (non-alphanumeric) characters: !@~#$^&*% -_ + [<]:;"'>=`|\(){},.?/
Rules for PIN
· The PIN should be rendered indecipherable (encrypted) when being stored or transmitted
· The PIN should be a minimum of four (4) characters in length
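
The password requirements listed above can be enforced at password-change time. The following is an added example, not part of the original answer. It assumes the last-six history is kept as salted PBKDF2 hashes (a one-way form swapped in for the policy's "encrypted"), and the function names and the 3-character name-part threshold are hypothetical.

```python
import hashlib
import hmac
import os
import string

# Special characters copied from the policy; spaces in that list are treated as separators (assumption)
SPECIALS = set("!@~#$^&*%-_+[<]:;\"'>=`|\\(){},.?/")
MIN_LENGTH = 8
HISTORY_DEPTH = 6


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 (assumed storage format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def in_history(password, history):
    """True if the password matches any of the last six stored (salt, digest) pairs."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False


def check_password(password, full_name, history):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # Any 3 of these 4 classes include an alphanumeric one, which covers
    # the "at least one alphanumeric character" rule as well.
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c in SPECIALS for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 of the 4 character classes")
    lowered = password.lower()
    # Only name parts of 3+ characters are checked (threshold is an assumption)
    if any(len(p) >= 3 and p.lower() in lowered for p in full_name.split()):
        problems.append("contains part of the user's name")
    if in_history(password, history):
        problems.append("matches one of the last six passwords")
    return problems
```

The history list is ordered oldest to newest, so appending each new `(salt, digest)` pair after a successful change keeps the six most recent entries in the comparison window.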