Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW

Essay on Access Control

Introduction

Access control is part of our day-to-day activities and also a crucial tool for IT and data specialists in a firm. These controls allow certain employees in an organization to gain accessibility to a certain application or system. Through this, the company will be able to attain the best network and system security standards while still being in-line with the various regulations and practices set for the industry (Eden, 2002). For example, any employee can access the system files to view various marketing clients on the top list while only employees in the finance department can access details pertaining to the top clients regarding their investments, queries, finance bloc etc. Moreover, the firm is able to retain client confidentiality and privacy by ensuring all employees understand the data and network security guidelines and regulations that must be upheld (. Previously Castillo’s Consultation Company expanded its network and infrastructure whereby their system needed better access control methods to be established since they were using a shared network.

Access Control Methods for Various Systems

Access control has been used by the company to protect its resources from unauthorized access by an individual or a group of individuals. In light of this, Castillo company has engaged the use of authorization in rooms requiring authorized access. Through a knowledge management system, the IT specialists have specific individuals on the authorization file with all the security access to server rooms, security footage room and also the company’s network tunnel. The company is then able to ensure that all the company data and sensitive confidential information is in safe hands with only few individuals having access to such information (Collins, 2013). Also, various security standards have been set to ensure that the user being granted access is the right user. For example, the company has constructed a new cybersecurity office which requires biometrics to access for authorized employees. The firm has provided physical access control methods to employees by issuing ID badges that grant them access to those rooms and also by using a fingerprint scanner to ensure that the information on the badge matches the fingerprint of that individual (Bertino & Samarati, 1993). Therefore, in case of a breach, the security log can be checked to see who accessed the system, what time did they access and what applications did they access.

The company has also used the new employee management system to ensure that all the new users in the system are authorized by the administration department, and by also being provided with new user access credentials that give them access to the needed functionalities of the employee only (Rosenthal & Blaustein, 2009). For example, through the administrative access control method, all employees engaged in using the company’s network and system have to be first issued with authorization by the administrative department, whereby the administration has been given the privileges to sign in new employees to the system while also eliminating employees who left or revoking access for employees on leave. In instances that require overall access since the network is shared, the company, for example, has to give all employees full access on the company’s website and file sharing protocols by limiting the ranges of IP address being able to access the network and by also limiting the number of new users being able to access the network, so as to allow for a narrow gap of investigations in case of a data breach (Tellabi & Ruland, 2018). This will be possible by engaging a technical control access method on the company’s systems network and applications.

Ways of Protecting the New Expanded Network

Network security is one of the most important aspects of a company and also an emerging trend in network security in this era. By recognizing this fact, Castillo company has used its IT specialists to ensure that the new expanded network is accorded the highest security standards in order to ensure that all the sensitive, crucial and confidential data and information is kept safe from unauthorized access by unwanted individuals. The company has therefore used DHCP in their system to help them configure the IP addresses that are authorized to be handled by that specific network (Lockhart, 2006). This makes the network more secure as it will limit the number of IPs that have been assigned a configuration protocol. The company has also encrypted passwords on the network by using Wi-Fi Protected Access on the network router in an aim to ensure that the company employees use a reliable and well encrypted network (Dowling, 2012). Moreover, with the high increase in clients and customers in the company, the management has been able to use the web application firewall to protect sensitive information on clients purchases and dealings with the company. In doing this, the company aims at ensuring that they protect its network line so as to facilitate strong security protocols and standards that satisfy both the company’s stakeholders and clients.

SSO and VPN Technologies

Single sign-on technology is a type of technology that uses different application login platforms into one. This technology allows a user to enter login requirements one at a time in a single page to access all the resources they need. This eliminates the need to enter login credentials for individual applications and systems. This will then allow users to sign in only once and the login credentials entered are communicated to other applications and systems (Hu & Chen, 2010). However, this tool cannot be used in the company as it will enable the sharing of personal login credentials to other systems and applications which will minimize the confidentiality of sensitive data and information. Moreover, the company has a system whereby all new users in the network are issued with special login information.

The VPN technology is in place as an access control mechanism that encrypts connections over the internet connectivity to establish the safe transmission of confidential data. This allows a user to conduct their work remotely without other people in the network traffic eavesdropping on their transactions (Berger, 2006). In this instance, it is hard for the company to engage in using VPN technology since they are using a shared network which will make it hard for this perspective to be employed. Moreover, some VPNs that allow the setting of the private network between multiple offices are limited. Some which allow the VPN to be set on the router so that the router can act as a central point, may not be applicable in this company as it is expanding its infrastructure and resources, therefore the employees are connected to more than one router but all on the same network tunnel.

References

Berger, T. (2006, April). Analysis of current VPN technologies. In First International Conference on Availability, Reliability and Security (ARES’06) (pp. 8-pp). IEEE.

Bertino, E., Jajodia, S., & Samarati, P. (1993). Access controls in object-oriented database systems—Some approaches and issues. In Advanced Database Systems (pp. 17-44). Springer, Berlin, Heidelberg.

Collins, L. (2013). Access Controls. In Computer and Information Security Handbook (pp. 1015-1021). Morgan Kaufmann.

Dowling, M. (2012). Enabling remote working: protecting the network. Network Security2012(3), 18-20.

Eden, B. (2002). Security Transformation: Digital Defense Strategies to Protect Your Company’s Reputation and Market Share. The Bottom Line.

Hu, J., Sun, Q., & Chen, H. (2010, October). Application of Single sign-on (SSO) in Digital Campus. In 2010 3rd IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT) (pp. 725-727). IEEE.

Lockhart, A. (2006). Network Security Hacks: Tips & Tools for Protecting Your Privacy. ” O’Reilly Media, Inc.”.

Rosenthal, A., Seligman, L., Chapman, A., & Blaustein, B. (2009). Scalable access controls for lineage. MITRE CORP BEDFORD MA BEDFORD United States.

Tellabi, A., Sassmanhausen, J., Bajramovic, E., & Ruland, K. C. (2018, July). Overview of Authentication and Access Controls for I&C systems. In 2018 IEEE 16th International Conference on Industrial Informatics (INDIN) (pp. 882-889). IEEE.

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics