During your first week as an Information Systems Security director, you met with the Chief Information Officer (CIO). During the meeting, he revealed to you his deep concerns regarding the security features that control how users and systems communicate and interact with other systems and resources. The CIO asks you to develop access control in a well-organized and appropriately documented program. The program and measures that your company’s senior managers will implement must be properly designed and put into policy.

One common approach to designing access control is to use categories of access controls to effectively document and communicate policy to the user community. These controls can logically prevent users from violating policy. They can also determine when violations have occurred and take action when violations take place. Finally, these controls can dictate how the organization will return to normal conditions after violations take place.

• In section 1, describe the seven primary categories of access controls system options managers may choose to implement. Include a description of each control and explain a situation for when the manager would choose the control for implementation.
• The CIO is very concerned about suspicious network activity. In section 2, describe the technical or logical controls managers would implement to detect when suspicious activity occurs on a network and report this to administrators.
• Additionally, many senior executives are concerned that the IT systems may not be able to handle incidents. In section 3, describe which access control category you would recommend managers to implement for catastrophic incidents.
• In section 4, the access control categories discussed in the previous sections serve to classify different access control methods based on where they fit into the access control time continuum. However, another way to classify and categorize access controls is by their method of implementation. For any of the access control categories, the controls in those categories can be implemented in one of three ways: Administrative, Logical, or Physical. Explain each access control type and provide implementation recommendations for managers.

While there is not a specific page requirement for this assignment, students are required to fully develop ideas and answer questions to the point that no further questions are left in the mind of the reader. If the instructor can clearly find the answers to their questions, the ideas within the report are fully developed. If there are unanswered or under-answered questions, further development of the report is required.

Keep the following in mind:

• More words do not necessarily indicate more meaning.
• When an employee is tasked with a project in the workplace that requires a report, the report should fully answer all the questions needing to be answered. In this school environment, students are learning how to prepare such documents.
• Consider your audience. Although instructors are very knowledgeable on the subject matter, they need to verify that the student has absorbed the material through a written report. Students should therefore write to an audience of a co-worker or classmate who does not know the answers to the questions posed.
• For students who are more comfortable with more specific guidelines, ideas can generally be developed in one to three paragraphs. The goal of writing in this class is to demonstrate what you have learned.

Assignment grading will be based on answer quality, logic/organization of the paper, and language and writing skills, using APA format and the following rubric.

Access Control Program

Criteria

Unacceptable

Below 70% F

Fair

70-79% C

Proficient

80-89% B

Exemplary

90-100% A

1.  Describe the seven primary categories of access controls.

Weight: 30%

Did not submit or incompletely described the seven primary categories of access controls.

Partially described the seven primary categories of access controls.

Satisfactorily   described the seven primary categories of access controls.

Thoroughly described the seven primary categories of access controls.

2.  Describe the technical or logical controls managers would implement to detect suspicious network activity.

Weight: 15%

Did not submit or incompletely described the technical or logical controls managers would implement to detect suspicious network activity.

Partially described the technical or logical controls managers would implement to detect suspicious network activity.

Satisfactorily described the technical or logical controls managers would implement to detect suspicious network activity.

Thoroughly described the technical or logical controls managers would implement to detect suspicious network activity.

3.  Describe which access control category you would recommend managers to implement for catastrophic incidents.

Weight: 15%

Did not submit or incompletely described which access control category you would recommend managers to implement for   catastrophic incidents.

Partially described which access control category you would recommend managers to implement for catastrophic incidents.

Satisfactorily described which access control category you would recommend managers to implement for catastrophic incidents. 

Thoroughly described which access control category you would recommend managers to implement for catastrophic incidents. 

4. Explain access control types and provide implementation recommendations for managers.

Weight: 25%

Did not submit or incompletely explained access control types and did not provide implementation recommendations for managers.

Partially explained access control types and provided implementation recommendations for managers.

Satisfactorily explained access control types and provided implementation recommendations for managers.  

Thoroughly explained access control types and provided implementation recommendations for managers.

5. 3 references

Weight: 5%

No references provided.

Does not meet the required number of references; some or all references poor quality choices.

Meets number of required references; all references high quality choices.

Exceeds number of required references; all references high quality choices.

6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

More than 6 errors present

5-6 errors present

3-4 errors present

0-2 errors present

If you have any question please email me.