IS3230 Final Project Chris Wiginton

1365 words 6 pages
IS3230 Access Control Proposal
Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: David Marquez
22 May, 2014

Proposal Statement
Integrated Distributors Incorporated (IDI) will establish specific requirements for protecting information and information systems against unauthorised access. IDI will effectively communicate the need for information and information system access control.
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level
…show more content…

The normal operation of the network must not be interfered with.
User Authentication for External Connections
Where remote access to the IDI network is required, an application must be made via IT Helpdesk. Remote access to the network must be secured by two factor authentication. Supplier’s Remote Access to the Council Network
Partner agencies or 3rd party suppliers must not be given details of how to access IDI ’s network without permission. All permissions and access methods must be controlled by IT Helpdesk. Operating System Access Control
Access to operating systems is controlled by a secure login process. The access control defined in the User Access Management section and the Password section above must be applied. All access to operating systems is via a unique login id that will be audited and can be traced back to each individual user. The login id must not give any indication of the level of access that it provides to the system (e.g. administration rights). System administrators must have individual administrator accounts that will be logged and audited. The administrator account must not be used by individuals for normal day to day activities.
Application and Information Access
Access within software applications must be restricted using the security features built into the individual product. The IT Helpdesk is