Proposal Statement
Integrated Distributors Incorporated (IDI) will establish specific requirements for protecting information and information systems against unauthorised access. IDI will effectively communicate the need for information and information system access control.
Purpose
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
Scope
This policy applies to all IDI Stakeholders, Committees, Departments, Partners, Employees of IDI (including system support staff with access to privileged administrative passwords), contractual third parties and agents of the Council with any form of access to IDI’s information and information systems.
Definition
Access control rules and procedures are required to regulate who can access IDI information resources or systems and the associated access privileges. This policy applies at all times and should be adhered to whenever accessing IDI information in any format, and on any device.
Risks
On occasion, business information may be disclosed or accessed prematurely, accidentally or unlawfully. Individuals or companies without the correct authorisation and clearance may intentionally or accidentally gain unauthorised access to business information, which may adversely affect day-to-day business. This policy is intended to mitigate that risk. Non-compliance with this policy could have a significant effect on the efficient operation of the Council and may result in financial loss and an inability to provide necessary services to our customers.
Applying the Policy – Passwords / Choosing Passwords
Passwords are the first line of defence for our ICT systems and together with the user ID help to establish that people are who they claim to be. A poorly chosen or misused password is a security risk and may impact upon the confidentiality, integrity or availability of our computers and systems.
Weak and strong passwords
A weak password is one which is easily discovered, or detected, by people who are not supposed to know it. Examples of weak passwords include words picked out of a dictionary, names of children and pets, car registration numbers and simple patterns of letters from a computer keyboard. A strong password is a password that is designed in such a way that it is unlikely to be detected by people who are not supposed to know it, and difficult to work out even with the help of a
Protecting Passwords
It is of utmost importance that the password remains protected at all times. Do not use the same password for systems inside and outside of work.
Changing Passwords
All user-level passwords must be changed at a maximum of every 90 days, or whenever a system prompts you to change it. Default passwords must also be changed immediately. If you become aware, or suspect, that your password has become known to someone else, you must change it immediately and report your concern to IDI Technical Support. Users must not reuse the same password within 20 password changes.
System Administration Standards
The password administration process for individual IDI systems is well-documented and available to designated individuals. All IDI IT systems will be configured to enforce the following:
Authentication of individual users, not groups of users – i.e. no generic accounts.
Protection with regards to the retrieval of passwords and security details.
System access monitoring and logging – at a user level.
Role management so that functions can be performed without sharing passwords.
Password admin processes must be properly controlled, secure and auditable.
User Access Management
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
User Registration
A request for access to IDI’s computer systems must first be submitted to the Information Services Helpdesk for approval. Applications for access must only be submitted if approval has been gained from Department Heads. When an employee leaves IDI, their access to computer systems and data must be suspended at the close of business on the employee’s last working day. It is the responsibility of the Department Head to request the suspension of the access rights via the Information Services Helpdesk.
User Responsibilities
It is a user’s responsibility to prevent their userID and password being used to gain unauthorised access to IDI systems.
Network Access Control
The use of modems on non-IDI-owned PCs connected to IDI’s network can seriously compromise the security of the network. The normal operation of the network must not be interfered with.
User Authentication for External Connections
Where remote access to the IDI network is required, an application must be made via IT Helpdesk. Remote access to the network must be secured by two factor authentication.
Supplier’s Remote Access to the Council Network
Partner agencies or 3rd party suppliers must not be given details of how to access IDI’s network without permission. All permissions and access methods must be controlled by IT Helpdesk.
Operating System Access Control
Access to operating systems is controlled by a secure login process.
The access control defined in the User Access Management section and the Password section above must be applied. All access to operating systems is via a unique login id that will be audited and can be traced back to each individual user. The login id must not give any indication of the level of access that it provides to the system (e.g. administration rights).
System administrators must have individual administrator accounts that will be logged and audited. The administrator account must not be used by individuals for normal day-to-day activities.
Application and Information Access
Access within software applications must be restricted using the security features built into the individual product. The IT Helpdesk is responsible for granting access to the information within the system.
Policy Compliance
If any user is found to have breached this policy, they may be subject to IDI’s disciplinary procedure. If a criminal offence is considered to have been committed, further action may be taken to assist in the prosecution of the offender(s).
If you do not understand the implications of this policy or how it may apply to you, seek advice from IT Helpdesk.
Policy Governance
The following table identifies who within [Council Name] is Accountable, Responsible, Informed or Consulted with regards to this policy. The following definitions apply:
Responsible: Head of Information Services, Head of Human Resources
Accountable: Director of Finance etc.
Consulted: Policy Department
Informed: All IDI Employees, All Temporary Staff, All Contractors.
Review and Revision
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months.
Key Messages
All users must use strong passwords.
Passwords must be protected at all times and must be changed at least every 90 days.
User access rights must be reviewed at regular intervals.
It is a user’s responsibility to prevent their userID and password being used to gain unauthorised access to IDI systems.
Partner agencies or 3rd party suppliers must not be given details of how to access the IDI network without permission from IT Helpdesk.
Partners or 3rd party suppliers must contact the IT Helpdesk before connecting to the IDI network.