Part 1: For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls for the given scenario. Justify your recommendations.
Scenarios:
- A small construction company consisting of 12 computers that have Internet access.
- A small advertising company consisting of 12 computers that have Internet access.
- All employees communicate using smartphones.
- A multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively.
- A defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail.
- A military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail.
Part 2: Select an access control model that best prevents unauthorized access for each of the five scenarios . Which types of logical access controls should be used in each scenario? Justify your recommendations.
- Access control models:
- Mandatory access controls
- Discretionary access controls
- Role-based access controls
- Rule-based access controls
- Content-dependent access controls
- Nondiscretionary access controls
- Access Controls
- Administrative controls: Policies approved by management and passed down to staff, such as policies on password length.
- Logical/technical controls: Control access to a computer system or network, such as a username and password combination
- Hardware controls: Equipment that checks and validates IDs, such as a smart-card for or security token for multifactor authentication.
- Software controls: Controls embedded in operating system and application software, such as NTFS permissions.
- Physical controls: Control entry into buildings, parking lots, and protected areas, such as a lock on an office door.