The organization ORD is an organization of 4000 staffs in the various departments. The ground level of the building includes entrances, training rooms, computer labs and the workstations. Proper access control is to be implemented in from controlling the access and monitoring the access of the workstations. Access control is a selective restriction of the access to a place or a resource. The access here refers to the consuming, entering or using. Different locks and the login credentials of the access control mechanism can be imposed for controlling the access to the workstations of the building. The different physical and logical access control mechanism that can be employed for the workstation are discussed in the following paragraphs –
The entry to the organization is through the main entrance of the ground floor or through the parking lot that is situated in the basement. There is only one main door of entrance to the building apart from few fire exists. The fire exits can be accessed only during an emergency, as it needs the breaking of the glass plane for its access. Therefore, a CCTV surveillance would be enough for access control or monitoring who are taking advantage of the fire exits in accessing the building .
The access control methodology can be broadly divided into two phases physical and logical. The physical access control is mainly used for controlling the access to the campuses, building, rooms and different physical IT assets. Logical access limits the access of the computer networks, system files and the data.
The foremost physical security access control of the system is to be imposed in the main entrance of the building. The workers and the staffs can access the building only by showing their identity card and providing the fingerprint. The fingerprint scanner system is installed in the main entrance and the employees are allowed the entrance only after the successful verification of their identity. This can be termed as ID proofing as well. This prevents the risk of providing entry of the unauthorized person into the workstation and therefore it is an effective access control methodology.
However only imposing the access control in the main entrance would be a problem for the visitors of the organization. They might find difficulty in accessing the building for business related tasks. Therefore, providing access to the building to the visitors is essential. However, imposing access control to the visitor of the building is essential for preventing the unauthorized access. Therefore, introduction of the visitor’s card is an important and effective access control methodology. The visitors are to be escorted inside the building only after the successful verification of their identity. The visitors to the building are required to sign in by providing their essential and detailed information.
Separation of the duties is essential for limiting the number of employees who can access the workstation is another important access control method. 24 hours CCTV surveillance can be imposed in the entry of workstation for monitoring who can access the system. However, controlling and securing the CCTV server room is necessary for unethical access or the modification of the data. CCTV server is vulnerable to attacks and therefore imposing a properly tested system is necessary.
Furthermore, the entire information system that is to be imposed uniquely identifies and authenticates the source and the destination of the transfer of the information. The access of information in the workstation should be subjected to three factors Authentication.
Lock Out policy can be imposed in the entrance of the workstation as well as the access to the information. This prevents the users from guessing the password. This is because if a wrong password id entered for a specific number of times, the system gets locked.
The access control methods that can be employed to the different rooms of thee ground floor includes the CCTV surveillance. This can be coupled with the password protection in the entrance of the rooms that needs extra monitoring.
The access control over the equipments can be imposed by the introduction of the smart card. Only the authorized persons will be allowed to access the equipments and the data of the workstation to prevent unauthorized access of the equipments. The smart card provides the confidentiality, integrity, authentication and the non-repudiation.
The different categories of controls imposed on a system include detective controls, deterrent controls, preventive control, corrective controls, recovery controls and compensating controls. Preventive control is mostly recommended for the organization, as it helps in blocking or controlling the specific events. Furthermore, it is essential for the organization to ensure a proper testing to all the imposed access control to ensure whether they are working properly. The different testing procedures include penetration tests, application vulnerability tests and code reviews. Penetration testing periodically scans all the systems to discover the vulnerabilities of the system. It uncovers the potential vulnerabilities in the open services. The tool that is used in this case is Nessus.
Conclusion:
Therefore, from the above discussion, it can be concluded that imposing access control in the entrances, ground floor and workstations in the building 402. The access control that is recommended to be imposed in the entrance is the ID proofing along with the finger print scanner. This would allow only the registered people to enter into the building. The report further discusses the different security measures and the access control mechanisms that can be imposed on the equipments and to the different rooms of the building. The major among them is installation of CCTV cameras in different areas including the fire exit. The different control mechanism of the access control systems are further discussed in the report. The appropriate tool that can be used penetration testing of the access control system imposed is Nessus.
References:
Ayed, Mourad Ben. “Systems for three factor authentication.” U.S. Patent 8,190,129, issued May 29, 2012.
Banerjee, Salil P., and Damon L. Woodard. “Biometric authentication and identification using keystroke dynamics: A survey.” Journal of Pattern Recognition Research 7, no. 1 (2012): 116-139.
Basta, Alfred, Nadine Basta, and Mary Brown. Computer security and penetration testing. Cengage Learning, 2013.
Cerruti, Julian A., Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, and Eric Wilcox. “User password protection.” U.S. Patent 8,353,017, issued January 8, 2013.
Chen, Bae?Ling, Wen?Chung Kuo, and Lih?Chyau Wuu. “Robust smart?card?based remote user password authentication scheme.” International Journal of Communication Systems 27, no. 2 (2014): 377-389.
Fennelly, Lawrence. Effective physical security. Butterworth-Heinemann, 2016.
Hu, Vincent C., D. Richard Kuhn, and David F. Ferraiolo. “Attribute-based access control.” Computer 48, no. 2 (2015): 85-88.
Nam, Yunyoung, Seungmin Rho, and Jong Hyuk Park. “Intelligent video surveillance system: 3-tier context-aware surveillance system with metadata.” Multimedia Tools and Applications 57, no. 2 (2012): 315-334.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download