Assignment#2
School: Drexel University
Course: ISSC421
Subject: Information Systems
Date: Jan 9, 2024
Type: doc
Pages: 3
Uploaded by bs1090
ISSC481 - Week 2
Your Name
Fill in your name above, put your answer below each question, and then return this document for grading following the instructions in the syllabus. Use examples from the readings, or from your own research, to support answers.
In your own words, explain why each of the following is considered bad practice:
Shared accounts
Using shared accounts, where multiple users have access to the same account credentials, is considered bad practice for several reasons. Firstly, it compromises security and privacy, since sharing login information increases the risk of unauthorized access (Turner, 2022), which could lead to data breaches or misuse of sensitive information. Secondly, accountability would be nonexistent when multiple individuals share the same account (Shared accounts, n.d.; Turner, 2022). It would become impossible to track the specific actions of an individual, which would hinder the auditing and accountability process. Lastly, shared accounts make it difficult to enforce access control policies (Turner, 2022), which limits the ability to restrict privileges based on roles and responsibilities.
Unique user accounts, no password required
Having unique user accounts without a password being required is a security flaw. Passwords are the first line of defense against unauthorized access and protect sensitive information (Microsoft, n.d.). Without passwords, there is nothing preventing anyone from gaining access to a user account, which makes it easy for malicious actors to exploit vulnerabilities. Having no password undermines the CIA triad by making it impossible to ensure that only authorized users can access their respective accounts. It would also hamper accountability, since actions taken within the accounts cannot be attributed to specific users. Therefore, unique user accounts should be required to have passwords to maintain the integrity and security of digital systems.
Unique user accounts, password never needs to be changed
On the contrary, it is not considered bad practice to have a unique user account and never change the password. When forced to change passwords, users often change them so slightly that the new password is much like the old one (Emma, 2016). The new password could also be one that was used somewhere else (Emma, 2016). Also, the new password is more likely to be written down, because new passwords are often forgotten (Emma, 2016). There are times when changing the password would be recommended, such as during a data breach or when the password is believed to be compromised.
Administrators have used their privileged accounts to perform basic user activities
Administrators should never use their privileged accounts to perform basic user activities. Privileged accounts have elevated access rights and permissions that allow administrators to make significant changes to systems and the network (Nayyar, 2021). Using privileged accounts for basic user activities only exposes the system to unnecessary risks from accidental or malicious actions (Nayyar, 2021). Users should always use the account with the minimum access rights necessary to complete their job.
Write a short policy (2-3 paragraphs) dealing with these issues.
Shared accounts will be prohibited within the organization. All users will be required to have individual accounts tied to their unique identity. The use of shared accounts will compromise security and privacy. All users will be required to have a strong and unique password in accordance with the organization's password policy.
Administrators are prohibited from using their privileged accounts for basic tasks. Standard user accounts should be used for basic tasks, promoting the principle of least privilege to ensure secure practices.
This policy will be enforced by the IT department with regular audits to ensure compliance. Employees who are found in violation of the account management and access control policies will face disciplinary action, to include suspension, loss of privileges, or termination of employment. It is the responsibility of all employees to familiarize themselves with the new policy and adhere to its guidelines.
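
The regular audits named in the policy could check for the practices discussed above with a script like the one below. It is an added example, not part of the original assignment. All sample data is constructed, and the session-log format, the privileged-account list, the activity labels and the host threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the page). SHADOW uses the /etc/shadow
# field layout; SESSIONS uses a hypothetical "account host activity" format.
SHADOW = """\
alice:$6$constructed$hashvalue:19700:0:99999:7:::
bob::19700:0:99999:7:::
svc_backup:!:19700:0:99999:7:::
adm_carol:$6$constructed$hashvalue:19700:0:99999:7:::
frontdesk:$6$constructed$hashvalue:19700:0:99999:7:::
"""
SESSIONS = """\
alice ws-014 email
frontdesk ws-002 email
frontdesk ws-007 web
frontdesk ws-011 email
adm_carol srv-01 patching
adm_carol ws-020 web
"""
PRIVILEGED = {"adm_carol"}           # assumed list of admin accounts
BASIC_ACTIVITIES = {"email", "web"}  # assumed "basic user activity" labels
MAX_HOSTS = 2                        # assumed per-person workstation limit


def passwordless(shadow_text):
    """Accounts whose password field is empty (no password required).
    '!' or '*' marks a locked account, which is a different condition."""
    out = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            out.append(fields[0])
    return out


def audit_sessions(session_text):
    """Return (likely shared accounts, privileged accounts doing basic work)."""
    hosts = defaultdict(set)
    misuse = set()
    for line in session_text.splitlines():
        account, host, activity = line.split()
        hosts[account].add(host)
        if account in PRIVILEGED and activity in BASIC_ACTIVITIES:
            misuse.add(account)
    # Heuristic: one login name seen on many workstations suggests sharing.
    shared = sorted(a for a, h in hosts.items() if len(h) > MAX_HOSTS)
    return shared, sorted(misuse)
```

Password age is not checked, in line with the answer above on forced password changes. The shared-account result is an indicator for follow-up, not proof of sharing.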