Ajaybprojectpaperoutline.docx

Outline

I. Introduction

Thesis statement: Operations security should offer protection and security to the operations of an enterprise, while ensuring that the technologies needed to maintain network and resource availability are secure.

II. Body

A. Access control in relation to risk.

1. Integrating intrusion detection is the cornerstone of many organizations.

2. Poor access control can expose an organization to unauthorized access.

B. Access control in relation to threat.

1. Internal threats are from people with legitimate access.

2. Once a network is compromised, intruders can misuse an enterprise's systems.

C. Access control in relation to vulnerability.

1. Allowing a primary key to be changed to reach another person's user record.

2. Elevating privilege, i.e., acting as a user without necessarily being logged in.

D. Defining the scope of the audit.

1. For most enterprises, this will include both the managed and unmanaged devices and machines.

2. The scope should include access layers, wired, wireless, and VPN connections.

E. Prioritizing and risk scoring.

1. Analyzing the cyber security trends.

2. Analyzing compliance with protection measures.

F. Assessing implementation of the current security measures.

1. Ensuring initial security posture is available.

2. Ensuring all connected devices have the latest security patches.

G. Access control in maintaining network confidentiality.

1. Access to information is restricted to those with authorized access to the data.

2. Strong passwords protect enterprises from social engineering attacks.

H. Access control in maintaining integrity.

1. Maintaining consistency, accuracy, and trustworthiness.

2. Access control is used in preventing unintentional changes.

I. Access control in maintaining availability.

1. Access control is important in keeping up with system upgrades.

2. Safeguards against interruptions in connections and data loss.

J. Access control is a fundamental concept in security that minimizes risks to an organization.

1. Organizations use electronic access control relying on user credentials.

2. Access control systems perform identification, authentication, and authorization of users.

K. Security controls work by identifying an individual, verifying the individual, and authorizing the access level.

1. Directory services and protocols provide access controls.

2. Organizations use different access control models based on their compliance requirements.

L. Need for organizations to implement access controls in relation to maintaining confidentiality.

1. How can a person sitting behind a computer screen be identified?

2. Authentication can be accomplished through identifying someone through different factors.

M. Need for organizations to implement access controls in relation to maintaining integrity.

1. Ensuring computer users can only access information resources that are appropriate.

2. A list of users with the ability to take specific actions should be created.

N. Need for organizations to implement access controls in relation to maintaining availability.

1. Enterprises need to transmit information over the internet or through external media.

2. An alternative to symmetric key encryption that organizations need to consider is public key encryption.

O. Necessary components within an organization's access control metric.

1. Discretionary access control (DAC)

2. Mandatory access control (MAC)

3. Attribute-based access control (ABAC)

III. Conclusion

A. Offering protection and security to the operations of an enterprise will offer security to the technologies needed when maintaining network and resource availability.