IS3230 Access Control Proposal
ITT Technical Institute, Tampa FL
Instructor: David Marquez
22 May, 2014
Integrated Distributors Incorporated (IDI) will establish specific requirements for protecting information and information systems against unauthorised access. IDI will effectively communicate the need for information and information system access control.
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level…show more content…
System access monitoring and logging - at a user level.
Role management so that functions can be performed without sharing passwords.
Password admin processes must be properly controlled, secure and auditable.
User Access Management
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
A request for access to IDI’s computer systems must first be submitted to the Information Services Helpdesk for approval. Applications for access must only be submitted if approval has been gained from Department Heads. When an employee leaves IDI, their access to computer systems and data must be suspended at the close of business on the employee’s last working day. It is the responsibility of the Department Head to request the suspension of the access rights via the Information Services Helpdesk.
It is a user’s