Access Control FInal Project
Project: Access Control Proposal
IS3230 - Access Control
1.1 Title of the project
Access Control Proposal Project for IDI
1.2 Project schedule summary
The project will be a multi-year phased approach to have all sites (except JV and SA) on the same hardware and software platforms.
1.3 Project deliverables
• Solutions to the issues that specifies location of IDI is facing
• Plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability
• Assessment of strengths and weaknesses in current IDI systems
• Address remote user and Web site user’s secure access requirements
• Proposed budget …show more content…
The desktop phones have not been replaced or upgraded during this time.
There is a lack of separation of duties between the network operations and the accounts receivable department and there is evidence of nepotism and embezzlement.
2.3 Sao Paulo, Brazil
Vendors are unwilling to sign a service agreements.
No Malware or anti-virus installed
The Security policy is in Spanish
No account auditing for user accounts
Users writing down passwords, disgruntled users stealing info, Social Engineering
Workstation Viruses, Malware, Unpatched Systems, Low restrictions on Firewall
Suspicious Traffic, Server Level Virus Threat Medium
Unauthorized traffic moving from Firewall to LAN to WAN
VLAN 1 is being used, traffic flow not segmented properly
VPN not Secure properly; Hackers capture traffic
Patching out of date
4.1 Data Center
Consolidate 14 Hewlitt-Packard (HP) Unix servers to 1 Unix server
Upgrade 75 Microsoft (MS) Windows servers to Windows SQL server 2012 R2
Upgrade MS exchange e-mail to latest version
Find another software vendor to replace Oracle