Access Control SystemsAccess Control Guidelines based on Data Classification
Assignment Requirements
Assume you are a security engineer for a corporation. This corporation has developed a classification scheme as follows:
|
Classification
|
Risk Level
|
Types of Data
|
|
Public
|
Low
|
Stock Reports, News Releases
|
|
Internal Use
|
Low
|
Network Diagrams, Security Policy
|
|
Confidential
|
Medium
|
System Configuration Procedures, Vulnerability Testing Results
|
|
Restricted
|
High
|
Payroll Data, HR Benefits Claims
|
For this assignment, put together some guidelines for the engineering teams in protecting the data types above. For each classification, what components would you require (for example, firewalls, IDS, 2 factor authentication, AV, etc..)