Implementing Network Access Control – Access Control Strategy Report

This assignment has two parts (Implementing Network Access Control and Access Control Strategy Report), please submit them separately.

Implementing Network Access Control

Companies face stronger regulations, such as HIPAA, SEC/SOX, and PCI DSS, which makes Network Access Control more critical.

• • Using the Google search engine, search for the following term: Security Controls Implementation Plan. Click here to open the pdf from SANS.org called “Implementing the Critical Security Control“. Summarize the process to implement the CIS critical Security Controls. Out of the list of twenty controls, pick the top two pertinent controls that every company should implement. Explain your reasoning. Explain the best approach to determining which controls should be implemented first.

Access Control Strategy Report

Your recent endeavors to convince upper management at LOTR Experience not to cut the security budget have paid off. After hearing your rationale, management agreed to keep the existing budget intact.

As you have consistently proven your value to leadership, you and your team have now been asked to determine the best approach for mapping access controls. For this scenario, your goal is to assess the necessary requirements and provide guidelines that will sufficiently meet the organization’s current needs.

Write a report to management in which you:

1. Analyze access control best practices and determine the best strategy for LOTR to implement. Provide three sites or links within the analysis that could be used as guidelines for your team.
2. After assessing the LOTR diagrams, define all subjects and objects. Explain how they relate to the access control strategy you recommend.
3. Outline how your team will approach the implementation phase of the access control strategy.
4. Describe administrative strategies related to the creation and deletion of new accounts.
5. Use at least three quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.

The specific learning outcomes associated with this assignment are:

• Examine methods that mitigate risk to an IT infrastructure with confidentiality, integrity, availability, and access controls.
• Determine appropriate access controls for information systems within IT infrastructures.
• Diagnose risk from unauthorized access to IT systems through proper testing and reporting.