





ENSURING THAT PEOPLE HAVE ACCESS TO ONLY WHAT THEY REQUIRE



Sarah Ray

CSU Global

Cybersecurity Capstone

Professor Ofori Boateng

8/31/22


System security is an essential and continuous practice that ensures people access files and information based on their roles, responsibilities and needs. Every user is assigned an account that reflects their role in the organization; employees and clients, for example, see different kinds of information. At login, the system must therefore distinguish one user from another and route each to the information appropriate to them. The first control we apply is user authentication, primarily through usernames and passwords.

Employees act on behalf of management in serving clients' needs. The user verification process requires everyone to create a unique username and a password that is not shared and not easily guessed. This ensures that users can reach only their own accounts, and therefore only the information their work requires. Changes to accounts will be verified solely by the IT management within the organization, so that requests are not acted on through informal or mistaken communication (Harambam et al., 2019).

Secondly, we shall create data classification procedures so that people at lower ranks can access less critical data than those in management positions. This is a precautionary measure, especially because the large number of workers in the organization widens the threat surface. As one's position in the hierarchy goes lower, the information one can reach becomes narrower and more specific, and would have minimal or no impact on the organization if exposed. Senior staff, by contrast, have access to the organization's classified intellectual property, including competitive strategies, marketing records, profitability records and customer data. Access should also be limited by need to know: a manager in one department does not need another department's confidential records simply because both hold the same rank.
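As an added example of the tiered access described above (this is not code from the paper; the level names, roles, departments and sample documents are assumptions chosen for illustration), the check below refuses to let a role read a document labelled above its clearance and, for department-scoped documents, additionally requires the reader's role to belong to that department. Executives are modelled with no departmental scope, so the clearance check alone applies to them.

```python
"""Added example: enforcing classification-based access by role.

Not from the paper; an illustration of the tiered access it describes.
Level names, roles, departments and the sample documents are assumptions.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Role:
    name: str
    clearance: Level
    # Empty set = no departmental scope (e.g. executives see every department).
    departments: frozenset = frozenset()


@dataclass(frozen=True)
class Document:
    title: str
    classification: Level
    department: Optional[str] = None  # None = not scoped to one department


# Assumed role hierarchy: the higher the rank, the higher the clearance.
ROLES = {
    "intern": Role("intern", Level.PUBLIC, frozenset({"marketing"})),
    "analyst": Role("analyst", Level.INTERNAL, frozenset({"marketing"})),
    "manager": Role("manager", Level.CONFIDENTIAL, frozenset({"marketing"})),
    "executive": Role("executive", Level.RESTRICTED),
}

# Constructed sample documents with their labels.
DOCUMENTS = [
    Document("press release", Level.PUBLIC),
    Document("staff handbook", Level.INTERNAL),
    Document("marketing plan Q4", Level.CONFIDENTIAL, "marketing"),
    Document("finance forecast", Level.CONFIDENTIAL, "finance"),
    Document("competitive strategy", Level.RESTRICTED),
]


def can_read(role: Role, doc: Document) -> bool:
    """Two checks, both of which must pass.

    1. Clearance must reach the label ("no read up").
    2. A department-scoped document also needs need-to-know: a role with a
       departmental scope must include that department.
    """
    if role.clearance < doc.classification:
        return False
    if doc.department is not None and role.departments and doc.department not in role.departments:
        return False
    return True


def readable_titles(role_name: str) -> list:
    """Titles the named role may read, in document order."""
    role = ROLES[role_name]
    return [d.title for d in DOCUMENTS if can_read(role, d)]


if __name__ == "__main__":
    for name in ROLES:
        print(name, "->", readable_titles(name))
```

Note that the marketing manager is refused the finance forecast even though both carry the same CONFIDENTIAL label; rank alone is not sufficient for access.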

We will also implement account monitoring to ensure safety and that people access only the data they need. For example, we shall conduct a system audit once per month to confirm that all systems are functioning as intended. Auditing helps us understand the risk level of each account and whether its user is handling it responsibly. Users found to have compromised security or breached the organization's terms will be summoned to the IT manager's office for retraining. The account audit will also ensure that people whose contracts have expired or who have left the organization have their accounts revoked, preferably on the day they leave rather than at the next monthly review, so they no longer have access to internal communications that competitors could use against us.
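One way to carry out the monthly review described above, offered as an added example rather than the paper's own procedure: reconcile the list of system accounts against the HR roster and report accounts that belong to terminated staff, to contracts that have already ended, to nobody on record at all, or that have simply not been used for a long time. The roster, the account list and the 90-day dormancy threshold are constructed assumptions.

```python
"""Added example: periodic account review against the HR roster.

Not the paper's code; an illustration of the monthly audit it describes.
The roster, account list and dormancy threshold are constructed assumptions.
"""
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold for an unused account

# Constructed HR roster: username -> (status, contract end date; None = permanent)
ROSTER = {
    "aray": ("active", None),
    "bkim": ("active", date(2022, 7, 31)),     # contract already ended
    "cdoe": ("terminated", None),
    "dlee": ("active", date(2022, 12, 31)),
}

# Constructed account list: username -> last successful login
ACCOUNTS = {
    "aray": date(2022, 8, 30),
    "bkim": date(2022, 8, 29),        # still logging in after contract end
    "cdoe": date(2022, 6, 1),
    "dlee": date(2022, 4, 15),        # active employee, but unused for months
    "svc-legacy": date(2022, 8, 1),   # no HR record at all
}


def review_accounts(accounts: dict, roster: dict, today: date) -> dict:
    """Return {username: finding} for every account that needs action.

    Precedence: orphan > revoke (terminated, then expired contract) > dormant.
    Accounts in good standing are omitted from the result.
    """
    findings = {}
    for user, last_login in accounts.items():
        record = roster.get(user)
        if record is None:
            findings[user] = "orphan: no HR record, disable pending an owner"
            continue
        status, contract_end = record
        if status != "active":
            findings[user] = "revoke: employee no longer active"
        elif contract_end is not None and contract_end < today:
            findings[user] = "revoke: contract expired " + contract_end.isoformat()
        elif today - last_login > DORMANT_AFTER:
            idle = (today - last_login).days
            findings[user] = "dormant: no login for %d days" % idle
    return findings


def run_review(today_iso: str = "2022-08-31") -> dict:
    """Run the review over the constructed data for the given audit date."""
    return review_accounts(ACCOUNTS, ROSTER, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for user, finding in sorted(run_review().items()):
        print(user, "->", finding)
```

The "bkim" case is the one the paragraph warns about: the contract ended a month ago, yet the account is still in use, so a review keyed only on login activity would never catch it. Comparing against the roster does.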

Our program will also ensure that remote access is closely monitored. Attackers often target employees working from other locations on devices the company has not authorized. We will therefore limit remote access to a single device specified by the company. Employees will be informed that all remote access is monitored, and in case of any threat their accounts will be temporarily suspended (Chromik et al., 2019).

Finally, our program will specify what employees may and may not do on their personal and company computers. For example, employees will need permission to download files, install new software on the organization's computers, or access unauthorized websites. An automated process will scan every download for malware, blocking access to malicious files.

Generally, employee education regarding data security and accountability will be essential in promoting the security of our data. During this training, employees will learn the limits of their access and whom to consult when they face difficulties. In conclusion, our primary method for limiting access to data is user authentication through usernames and passwords. The second method is data classification: as one's level in the hierarchy increases, one gains access to more confidential information in the organization.

References

Chromik, M., Eiband, M., Völkel, S. T., & Buschek, D. (2019, March). Dark Patterns of Explainability, Transparency, and User Control for Intelligent Systems. In IUI workshops (Vol. 2327). https://www.medien.ifi.lmu.de/pubdb/publications/pub/chromik2019iuiworkshop/chromik2019iuiworkshop.pdf

Harambam, J., Bountouridis, D., Makhortykh, M., & Van Hoboken, J. (2019, September). Designing for the better by considering users: A qualitative evaluation of user control mechanisms in (news) recommender systems. In Proceedings of the 13th ACM Conference on Recommender Systems (pp. 69-77). https://dl.acm.org/doi/abs/10.1145/3298689.3347014