Answered You can hire a professional tutor to get the answer.
Office of Personnel Management OPM CMP 610 Project 2: Authentication, Authorization and Access Control Organizations have two concerns surrounding...
Office of Personnel Management OPM
CMP 610
Project 2: Authentication, Authorization and Access Control
- 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
- 6.2: Create an information security program and strategy, and maintain alignment of the two.
- 6.3: Integrate the human aspect of cybersecurity into an organization's cybersecurity policy.
- 9.3: Assess policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks and to manage mitigation strategies that achieve the security needed.
Start Here
Step 1: Explore the Basics of Authentication
- Identify the ways in which someone can be authenticated (e.g., userids, passwords).
- Describe how authentication has evolved over time and identify stressors that have resulted in changes to authentication.
- Identify the different types of authentication (e.g., layered or two-factor), compare and contrast their attributes, and give examples of each.
- Compare and contrast single-factor and multi-factor authentication.
Step 2: Explore the Basics of Authorization
- Define authorization and identify examples of authorization schemes.
- Determine how access policies are used to express authorization rulesets. Identify key principles of access policies.
- Identify the challenges that can arise when policies are used to maintain authorization rules. Identify solutions to mitigate these challenges.
Step 3: Explore the Basics of Access Control
- RBAC—Role-Based Access Control
- MAC—Mandatory Access Control
- ABAC—Attribute-Based Access Control
- IBAC—Identity-Based Access Control
Step 4: Social Psychology Report
- Explore the typical intrusion motives / hacker psychology. Classify the types of hackers and actors and give an example of a potential incident.
- Define a cybersecurity policy as it relates to employees and employment. For example, how would an organization apply a security policy to employees and employment in relation to network-related programming or other cyber-related positions?
- Define the separation of duties policy and give an example.
- Define redundancy and diversity and explain how they relate to cybersecurity access control. Give an example of a policy integrating the concepts of redundancy and diversity to reduce risk.
- Summarize how the implementation of the access control mechanisms mentioned in this section may have a positive or negative consequence on employee productivity.
Step 5: Privacy Awareness Report
- Define ECPA and explain how it affects cybersecurity today. Give an example of how it might come into play at your organization today. Suggest how policy at your organization could support ECPA compliance.
- Define FISA and explain how it affects cybersecurity today. Give an example of how it might come into play at your organization today. Suggest how policy at your organization could support FISA compliance.
- Identify any other privacy law that may impact your assigned organization. Give a brief summary of what the law does, how it impacts your organization, and how policy could support compliance.
Step 6: Anonymity Report
- Pseudonymity (Pseudonymity - definition)
- ip spoofing (IP spoofing & packet sniffing at the network layer)
- simple mail transfer protocol (SMTP) servers
- web filters
- types of encryption
- remailers
Step 7: SIMTRAY Training
Human Aspects in Cybersecurity Simtray
Step 8: Assess Authentication, Authorization, and Access Control
Step 9: Research Industry Best Practices
- Give examples of authentication, authorization, and access control that you have seen in your experience, in your assigned organization, and/or in your research and interviews.
- Discuss what worked well and what could be improved.
- Discuss the role of policy in defining and implementing authorization schemes as applied to your experience.
- Apply key points and principles in the NIST Cybersecurity framework for virtual machine cybersecurity.
- Analyze the technologies, uses, and roles of information assurance and software protection technologies.
- Prioritize current cybertechnological threats faced at the enterprise, national, and international levels.
- Evaluate the procedures, policies, and guidelines used to protect the Confidentiality, integrity, and availability of information (CIA triad).
Step 10: Formulate Recommendations
- coincide with IT vision, mission, and goals
- align with business strategy
- incorporate all internal and external business functions
- create the organizational structure to operate the recommendation and align with the entities as a whole
Step 11: Develop a Job Aid
- Define—in layman's terms—authorization, authentication, and access control, and the relationships between them.
- Identify and articulate examples that are easy to comprehend and that would resonate with your company's leadership.
- Describe the importance of authorization, authentication, and access control to the overall security of your organization. Use details of your company's products/services and the need to protect them to emphasize the need for strong controls.
Step 12: Implementation Guidance Presentation
- Describe authentication, authorization, and access control as an important security concept.
- Evaluate the different models and examples of authentication, authorization, and access control.
- Make the case for changes to your organization's authentication, authorization, and access control policies/systems.
- Present the recommended strategy.
- Discuss how you will evaluate the effectiveness of the security program.