Access Control & Security

,

Scenario

You are the IT manager for a medium-sized grocery store. The store has several locations throughout Nevada, Utah, and Montana. Before you were hired, there was no plan for technology or security. (You can read a much more thorough synopsis of this context in the Background Information below.)

Your role is to tackle a few tasks a week until the company’s security and management of technology are under control so that you and your CIO (your instructor) can begin planning for longer-range strategy.

Here are the tasks you’ll need to address this week:

Task 6

After dealing with many issues with the HR and data classification, you have been asked to see what types of controls are in place for making sure fraud and embezzling is not happening from within accounting. You have been tasked with developing accountability controls (separation of duties, job rotation, and mandatory vacations). Currently, there are three accounting technicians and they would like to better understand why the three types of accountability controls are being introduced. One accounting technician is curious as to why separation of duties is being developed. Another rarely takes vacation and insists that he enjoys working and doesn’t feel the time off is useful or productive; they consider the un-used time a “gift” back to the company. The third technician is comfortable in their specific role and has been doing it for over ten years and questions why there might be a need to rotate roles and duties periodically – especially now after they have proven themselves trustworthy for so long. In the past, any of the three workers could write a check, sign a check, cash a check, and record a check in the accounting software. There has never been an issue with fraud that anyone is aware of, so why bother? You are tasked with explaining with examples of what each accountability control is and how they will ensure that the risk of fraud is reduced. Ensure that you explain how mandatory vacation can increase security.

Task 7

One day, you walk into the office and you notice that the staff members were doing whatever they wanted with the computers.  Over the course of the next several days, you decide to do some management by walking around and discover that your suspicions are well-founded: Some are looking up potential evening or weekend activities, one was making reservations for a personal trip, another was paying bills (on their break but still on the company’s equipment), another may have been perusing a dating site, and many of them are regularly engaging with social media – some legitimately may have been work-related given their company roles, but others were clearly not. You look up the policies that govern staff and realize that the company has no Acceptable Use Policy (AUP) nor a Security Policy. You are tasked with explaining to management what goes into a Security Policy and to provide examples of items that should be included. You are also being tasked with creating a general AUP for all the staff members to adhere to.

Upon successful completion of this assignment, you will be able to:

  • Relate how an access-control policy framework is used to define authorization and access to an IT infrastructure for compliance.
  • Mitigate risks to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls.
  • Relate how a data classification standard influences an IT infrastructure’s access control requirements and implementation.
  • Develop an access control policy framework consisting of best practices for policies, standards, procedures, and guidelines to mitigate unauthorized access.
  • Define proper security controls within the User Domain to mitigate risks and threats caused by human nature and behavior.
  • Implement appropriate access controls for information systems within IT infrastructures.
  • Mitigate risks from unauthorized access to IT systems through proper testing and reporting.
  1. Task 6: Using MS Word, detail out how you would explain the need to introduce accountability controls to the three technicians. Be sure to address each of their specific concerns. 
    1. Write your response in narrative form as if you were sharing your observations and concerns in a meeting with the technicians.
    2. You should have five paragraphs with a minimum of 4-5 sentences in each:
      1. An introduction where you explain what risks you have been seeing and share why accountability controls are necessary even though they may not seem necessary to these long-standing employees,
      2. One paragraph for each of the three accounting technicians’ concerns (separation of duties, job rotation, and mandatory vacations), and
      3. A concluding paragraph where you summarize the concerns, re-state the importance, and ask for their commitment in supporting the changes as others wonder why they are being implemented.
    3. This does not need to be in APA style, but if you mention any specific sources, be sure to cite them.
  2. Task 7: After reviewing the Task 7 description, do the following:
    1. Write a “talking points” synopsis for your fictional management team which explains what goes into a Security Policy, providing examples of items that should be included. This can be in the form of a proposed email, an Executive Summary, an outline, or well-organized notes for a management meeting.
    2. Develop a general Acceptable Use Policy (AUP) for this fictional grocery company for all staff members to adhere to.
    3. Prepare a memo for introducing that AUP to the larger workforce. It will need to include the rationale and purpose, justify the importance, clarify implementation expectations, and address likely concerns employees may have.
  3. Submit your responses as follows:
    1. Task 6 – A Microsoft Word document which does NOT need to be in APA style. It should include 5 paragraphs of 4-5 sentences each, so it will be approximately 2-3 pages in length.
    2. Task 7 – (1) A written synopsis in your preferred format – could be an email, an Executive Summary, an outline, or well-organized notes for a management meeting; this does NOT need to be in APA style; (2) A Microsoft Word document which does NOT need to be in APA style; length needs to be appropriate to the context and nature of what you will include in it; and (3) A one-page memo in one of Microsoft Word’s memo templates (preferably front only, but no more than one-page front & back).
  4. When you have completed your assignment, save a copy of each of the files for yourself and submit copies to your instructor using the Assignment submission page.
  5. Your submission is due by the end of the workshop.

What Students Are Saying About Us

.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐
"Honestly, I was afraid to send my paper to you, but you proved you are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"

.......... Customer ID: 11***| Rating: ⭐⭐⭐⭐⭐
"This company is the best there is. They saved me so many times, I cannot even keep count. Now I recommend it to all my friends, and none of them have complained about it. The writers here are excellent."


"Order a custom Paper on Similar Assignment at essayfount.com! No Plagiarism! Enjoy 20% Discount!"


Related posts:

  1. WSJ Assignment
  2. Environmental Impacts of Deforestation
  3. Final Presentation
  4. Explain the thinking of the Court in DC v. Heller. Marbury v. Madison
/by