CASE STUDY 1
Building an Access Control System
As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door.
Create a 3-4 page project plan for this project in which you:
Include a one-half page project scope statement.
Define five (5) major tasks, each with one to two (1-2) subtasks. Also write a brief description for each task.
Create a Gantt chart illustrating the
The non-functional requirements are the attributes of the system; these include: reliability, performance, cost, system quality attributes, and the challenges encountered during installation.
Steps of Implementing the Project
To complete the installation of the access control system, the following steps would be carried out.
Analysis
The analysis of the problem should take a day. At the analysis stage we determine the solution. The solution has been identified as the installation of the access control system. At this stage the system parts are identified; they include input, output, communication devices, power supplies, detection devices, intelligent panels, card readers, lock hardware, the actions and the response of the system in case of violation of the input requirements or failure of the system.
Design
The design of the access control system involves working out how the system will be built and installed. The phase should take two days. The system would have a security camera controlled by a proximity card reader when the actions are triggered. After completing the design of the system, the identified materials and hardware are to be purchased from various stores.
Programming
The computers controlling the security camera in the control center will be reprogrammed to ensure they can control the access control system installed in the doors. The relevant
2.1 Common Control Identification
Describe common security controls in place in the organization. Are the controls included in the security plan?
• Prepare a 5 to 10 minute PowerPoint assisted presentation on important access control infrastructure, and
Electronic Access: Identification/access badges issued to employees and approved badge; this will be operated by an on-site guard, and will also be operated remotely from the Security Operations Center.
When a credential is put forward to a reader, the reader sends the credential’s information to a control panel. The control panel compares the credential's information to an access control list which then accepts or denies the presented request, and sends a transaction log to a database. If there is a match between the credential and the access control list, the door is unlocked and when it is denied the door remains locked. The reader usually provides feedback, such as a flashing red LED for
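The reader-to-panel flow described above, as an added example that is not part of the original essay: a panel decision function that compares a presented credential to an access control list, denies by default, and writes every transaction to a database. The card IDs, door names and table layout are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed access control list: credential ID -> doors it may open.
ACL = {
    "CARD-1001": {"dorm-main", "dorm-east"},
    "CARD-1002": {"dorm-main"},
}

def open_log():
    """Create the transaction log table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE transactions (ts TEXT, door TEXT, credential TEXT, result TEXT)"
    )
    return db

def present_credential(db, door, credential):
    """Panel decision: check the credential against the ACL, log it, return True to unlock."""
    # Deny by default: unknown, empty or malformed credentials never match.
    allowed = isinstance(credential, str) and door in ACL.get(credential, set())
    result = "GRANTED" if allowed else "DENIED"
    # Every request is logged, denied ones included, so the log shows failed attempts.
    db.execute(
        "INSERT INTO transactions VALUES (?, ?, ?, ?)",
        (datetime.now(timezone.utc).isoformat(), door, str(credential), result),
    )
    db.commit()
    return allowed

def denied_attempts(db, door):
    """Return the credentials denied at a door, oldest first, for review."""
    rows = db.execute(
        "SELECT credential FROM transactions "
        "WHERE door = ? AND result = 'DENIED' ORDER BY rowid",
        (door,),
    )
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_log()
    reads = [("dorm-main", "CARD-1001"), ("dorm-east", "CARD-1002"),
             ("dorm-east", "CARD-9999"), ("dorm-east", None)]
    for door, card in reads:
        state = "unlocked" if present_credential(db, door, card) else "remains locked"
        print(door, card, state)
    print("denied at dorm-east:", denied_attempts(db, "dorm-east"))
```

A credential that is valid for one door is still denied at another, and the denial is recorded alongside the grants.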
Thesis: The decisions that need to be made when determining the types of access control you will need, along with the types of access control systems that are available and how they are used.
Key card controls may be implemented if allowed, increased logs can help track items such as keys, clean desk policies can be instated to prevent unauthorized access to data, and policies can be tailored around the multi-tenant environment to ensure employees are aware of the risks involved. Moreover, having someone manning the entrance to the tenant space is a good method for staving off security issues in a multi-tenant environment (Gibbons Paul, 2005).
The policies and procedures will be implemented using access control models. These models will work to enforce the rules and objectives of our security policy and will also dictate user access. Using a discretionary access control (DAC) model will allow the owner of the resources to control who has access as well as the operations that can be performed. Access will be based on the identity of the user and the role that the user plays within the company. This can be done through access control lists (ACLs), where permission is granted on a need-to-know basis.
Every business needs a security policy that provides authentication, access control, secrecy, data integrity, and audit (Schneider, 2009). Authentication will determine who is trying to access the information system. Access control determines who is allowed to log on and access information. Secrecy determines who is permitted to access certain information. Data integrity determines who is allowed to change data. Audit determines who or what causes specific actions to occur and when.
The Common Criteria also note the following: “security policies defined for systems … used to process classified or other sensitive information must include provisions for the enforcement of discretionary access control rules. That is, they must include a consistent set of rules for controlling and limiting access based on identified individuals who have been determined to have a need-to-know for the information.” (Kim, 2012)
An essential component of access control is a secure domain, composed of a collection of end users and objects managed under a common security plan and a single authority. As shared resources grow, unauthorized access to data by unlawful users also increases, so it is essential to secure information through user validation and access control procedures (Yang, 2007).
Access control is a significant area to be covered. Access Control Mechanisms are comprised of Access Control Lists
Table 2 identifies the controls applicable to Sentara IT System. The security controls are illustrated using various colour codes and identified by the following convention:
Physical security entails restricting physical access to controlled buildings, installations, information, facilities, and personnel by unauthorized individuals. Access control may prevent potential intruders, delay or frustrate intruders, and monitor and detect intruders. These methods are classified under physical barriers, perimeter security, identification systems, and electronic/mechanical barriers. Different methods of access control can be designed to respond to different physical security needs. However, it is worth noting that no stand-alone method of access control is effective, so two or more methods should be used in combination to improve effectiveness and performance. This paper examines various methods of access control and their effectiveness in relation to physical security.
It may not be understood that the purpose of access controls is to prevent unauthorized access. Without clear instructions the proper use of e-mail and web browsing may not
In the United States, everyone is concerned about safety in their homes and workplaces. Individuals go to great lengths to ensure that their possessions cannot be stolen. According to the 1999 FBI Uniform Crime Reports, 408,217 robberies were committed nationwide, with estimated losses reported at $508 million. Many measures can be put in place to prevent such losses. This paper will discuss physical security and other components such as building security, grounds security, access control systems, perimeter security, information systems, and technology security.