Assignment
Case Studies and Examples
In order to understand some of the concepts discussed with access control implementations; It is beneficial to see how they are used in the real world. This section provides three case studies from real-world situations that cover some of the topics previously dianussed.
Private Sector Case Study
A small rex filing company employs contractors for the tax anason. Three contractors handle state taxes, and two of those contractors file federal taxes. The administrator needs to ensure that the two contractors have access to the state and federal fonris for a select number of clients, and that the other contractor has access o.y to the arare returns. The administrator has access to all client information.
The administrator applies access controls to the folders to limit the amount of access to w.t each of the contractors needs. It is also determined that each of these contractors will need his own account on the network. Limiting the amount of access for the three contractors ensures that the client information is kept secure and seen only by the appropriate user. Providing thll access to everyone within the company would create risk the athninisantor is not willing to accept.
Ensuring that each contactor has own user ID allows for Incl.! in case a client is audited and the tan returns need to be reviewed. If addition. access needs to be added for emergency purposes, the administrator grants the access on a tempo, basis. The administrator also audits all of the activities to ensure correct access is provided.
These policies are shared with the clients, who fek secure lthowing that the data will not get rnto the wrong hands. Implementing access controls proves successful for the company, and because the policy was documented and followed, updates can be done easily for anch new batch of contractors.
This case study is an example of implementing a multilayer access control approach. The tan filing company defined the roles that each of the eraployees and contactors had within the organization and defined the access based on those roles. Each contactor was proxided his or her cram user ID for auditing as well, complementing the multilayer approach. The user role allowed contactors to see federal and state forras as appropriate, b. they could not see every client's forms.
Public Sector Example
The U.S. government manages millions of employans, consultants, and contractors. These entities are assigned identity credenti. to access various agencies' networks and systems. In many cases, inthviduals must remember a user ID and password for network access, and another user ID/password combination for each application they access. Although security personnel in each agency manage credentials for their users, the effort is still time-consuming and expensive. Overall security is .so a concern. The current decentralized management of identities allows attackers to move from one syrtem to another without their patterns being noticed right away.
For budgetary and strategic reasons, U.S. government security leaders have been collaborating on a project to create a centralized identity management system. The CIO Council lent a haan to the effort in 2009 by creating an implementation roadmap. The U.S. Department of Agriculture has already started a project to centralthe 70 identity databases. Employees will receive a smart card and a PIN to access multiple databases rather than using unique credentials for each database as they do now. The Department of Homeland Security has started a sanilar initiative as well.
Some of the expanted benefits of a centralized and identity management system include..
• A more consanent approach to secunty
• A reduction of risk in inconsistent policy enforcement and mishandled passwords
• Reduced admanstrative expenses, including help desk calls to reset passwo.
• Better cross-age, communications
Security leaders admit that the cost of implementation will be high, but they believe the cost of doing nothing may be even thgher.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.