
Running head: ACCESS CONTROL PROCEDURES GUIDE 1

Access Control Procedures Guide

Naga Venkata Durga Dilip Teja Atmuri

University of the Cumberlands

Access Control Procedures Guide

Status or setting prior to any change

The change involved redesigning the roles that certain members of staff would have in the organization and, as a result, the type of data they would be able to access. Role-based access controls were used to limit access to data to certain personnel in the organization. Employees could only access data that was related to their jobs, with access privileges being granted by the system administrator. There is a need, however, to limit access to data to certain individuals in the organization to protect sensitive information, which means employees would get certain information directly from management instead of from the organization's database. The organization's systems are also currently not secure, and data can be accessed without secure authentication, which increases the possibility of unauthorized access.

Reason for the change

The change was put in place by the organization to limit access to sensitive information. Management had noticed that existing access control procedures allowed junior employees to access sensitive information about the organization that could be used for fraudulent purposes or leaked to competitors. It was therefore important to put in place measures that would ensure only authorized employees were allowed to view this data. This limits the possibility of attackers gaining access to the organization's database using the access privileges of junior employees. The use of cloud-based authentication will also ensure the organization is able to limit access to authorized personnel only.

Change to implement

The changes to be implemented will involve determining the data that employees at different levels in the organization are supposed to access and limiting their ability to access data they don't need. Access privileges will be given based on the roles that an employee has in the organization. This will ensure the organization is able to protect sensitive information from being accessed by third parties. Cloud-based authentication will also ensure that employees are able to access the organization's systems from multiple devices without compromising security. Each employee will also be given authentication credentials that they will use to access the organization's systems. This will ensure that the system administrator can know who accessed which data and when.

Scope of the change

The change will cover employees at all levels in the organization, as access privileges will be provided based on specific roles. The data that different categories of employees are supposed to access will first be identified, after which access controls will be put in place that limit their access to the data they need for their work. Procedures will then be put in place that enable employees to gain access to additional information that they may need in their work. Cloud-based storage of the organization's data will also be adopted to ensure that employees can access data from any location by securely logging in. Employees will need to undertake additional training on authentication management that will enable them to secure their access credentials and minimize the possibility of phishing attacks.

Impact of the change

The change is expected to enable the organization to keep track of the data that each employee accesses. It will also be possible to tell which employees are accessing the organization's database, which makes it easier to identify cases of unauthorized access. Authentication software can also be used to make it difficult for third parties to access the organization's systems. User behavior can, for example, be monitored to make it easy to identify unusual behavior and, as a result, unauthorized access. Since employees will only be able to access information that they need for their work, management can ensure that sensitive information is protected, which minimizes the possibility of leaks to third parties that could be used to harm the organization. Employees will also be able to log in securely, which improves the overall security of the organization's systems.

Status or setting after the change

Overall system security will improve significantly after the change. Employees will be able to log in securely to the organization's information systems and access only the data that they need. Management, on the other hand, will be able to limit access to sensitive information that can be misused by third parties. It will also be possible to keep track of the information that different employees are able to access and, as a result, quickly identify any cases of unauthorized access.

Process to evaluate the change

The change will be evaluated based on the ability of the organization to continue operating normally, without delays caused by employees being unable to adopt the new procedures. Employees should be able to log into the organization's systems and access the data they need for their day-to-day operations. Staff should also be able to view only the information they need and are authorized to access. The overall system security of the organization should improve significantly after the implementation of these changes.
