Nt2580 Unit 7 Chapter 12

2.2Security Control SelectionAre selected security controls for the information system documented in the security plan?

The compared authoring tools supports different browsers such as Internet Explorer, Chrome, FireFox 4.0 for Windows, and Google Chrome or Apple Safari for Mac, and all users with different network connections can use all their services. Moreover they all support different operation systems; for example, both Lectora and Easygenerator support Microsoft Windows XP, Vista, 7; Lectora support Microsoft Windows 8 as a plus. Captivate is certified for Microsoft Windows 7, 8 and 8.1., and Mac OS too. They are all compatible with mobiles and smartphones or in other words “mobile friendly”.

Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.

1.Authentication: It has to do with the process of identifying one’s self into the application. For a user to be authenticated into the SAP system he needs to have a valid user I.D. and a password.

IS355_BestW5Assignment Lab #6 – Report file Developing a Risk – Mitigation Plan Outline for an IT Infrastructure Course Name and Number: Risk Management IS355 Student Name: Sherry Best Instructor Name: Nicole Goodyear Lab Due Date: 2/13/2018 Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet Remote Access Domain 1 User destroys data in application and deletes all files Systems/Application Domain 3

Access control refers to the mechanisms that identify who can and cannot access a network, resource, application, specific action.

Discretionary access control means only certain permitted users are allowed access to specific things. However, someone with permitted access can let another user use their access. The least privilege principal is where access is only granted to certain systems and certain data that is needed to do the users job. Sometimes temporary access is given to data that is required to access random jobs or to see what that user is doing. When this happens, the access is only temporary, it is imperative to uphold the principal of least privilege to ensure that user does not have access to the data when the job finished.

C. Permissions and Rights (What they can do. . Which operations they can perform on a system.)

3.p16 The purpose of access control is to regulate interactions between a subject and an object, such as data, a network or device

type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of

|a |3.2 |Security Strategies in Windows Platforms and Applications, Page 68 | |13. |b |3.3 |Security Strategies in Windows Platforms and Applications, Page 80 | |14. |c |3.4 |Security Strategies in Windows Platforms and Applications, Page 83 | |15. |d |3.5 |Security Strategies in Windows Platforms and Applications, Page 83 | |16. |b |4.1 |Security Strategies in Windows Platforms and Applications, Page 90 | |17.

Role based access control is an ideology through which access to systems is restricted based on authority given. It is used by organizations with a relatively large number of employees ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). This is implemented through the mandatory access control or through the discretionary access control. These are the only two ways through which role based access control can be implemented.

Application of context to scan results – to determine which infrastructure vulnerabilities should be targeted first and most aggressively.

As the use of computers, databases, and technology in general, security has grown to be a powerful tool that has to be used. The threat of outside sources intruding and exploiting crucial information is a threat that is present on a daily basis. As a part of creating and implementing a security policy, a user must consider access control. Access Control is a security tool that is used to control who can use or gain access to the protected technology. Access control security includes two levels; logical and physical. Though database intrusions can happen at any moment, access control provides another security barrier that is needed.

Confidentiality: Access controls help ensure that only authorized subjects can access objects. When unauthorized entities are able to access systems or data, it results in a loss of confidentiality.