Based on your training, as your assignment, I would like you to design a remote

Question

Based on your training, as your assignment, I would like you to design a remote access control policy for Richman using the appropriate access controls for systems, applications, and data access. Include the design and justification for using the selected access controls for systems, applications, and data access.

Goals of the company and some details on our company expansion plan.

Richman Investments wants to expand its business operations both in the U.S. and in foreign countries. It intends to eventually have 10,000 employees in 20 countries. The Richman corporate headquarters is located in Phoenix, Arizona, with eight branch offices in the U.S. Our North American offices have 5,000 employees who use desktops, mobile computers, and wireless devices.

The Phoenix office has an Internet connection to all remote offices because redundancy is crucial to the company. There are several sensitive applications that all offices use. The management from each office shares application information that is hosted at the corporate office.

the following are a few concepts that you should brush up on as you attempt this assignment:

1-Methods that can be used to connect remotely, such as a dial-up connection or a virtual private network (VPN)

2-Requirements for user systems before they are allowed to connect

3-Terms of use associated with remotely connecting to the network

4-Policy enforcement

Explanation / Answer

1.Authorization-

Richman Investments must define rules as to who has access to which computer and network resources.

My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this.   

Group policy would allow the administrator to assign different privileges to different groups.   

The admin would then assign different individual users to those different groups.   

So the users permissions would depend on the permissions of the group they were a member of.   

With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires.

2.Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN

3.Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication: smart card, key, badge, or token. Using a combination of ownership authentication and knowledge authentication proves to offer better security.

4.Accountability- Richman Investments must hold users responsible for what they do on the system. Log files can be used to detect, prevent, or monitor access to the system. Due to all the different privacy laws, RI must also secure its data. This will involve how data is retained i.e storage, how media is disposed of, and following compliance requirements.

Related Questions

Navigate

• Browse (All)
• Browse B
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.