Premium Essay

Project: Access Control Proposal


Submitted By kshelby12
Words 2458
Pages 10
Project: Access Control Proposal * Phase I: Risk mitigation plan to identify critical IT assets * Phase II: Policies and procedures for protecting the IT assets
I. Introduction 2
II. Diagram of the proposed solution 3
III. Phase I:Access Control Risk Mitigation 3 1. Identified Treats and vulnerabilities 3 2. IT assets 4 3. Treats and vulnerabilities per IT Domain 4 4. The System Security Team 5 5. Access Control Plan 5
IV. Phase II: Policies and procedures for protecting the IT assets 6 1) General Security Practices for VPN Remote Access 6 2. Protecting Cyber Assets: Secure Interactive Remote Access Concepts 7 2. How Employee Accesses the Corporate Network 9 3. How external Partners (Vendor) Access the Corporate Network 9
V. Conclusion 13

I. Introduction
Access control mechanisms operate at a number of levels in a system, from applications down through the operating system to the hardware. Higher-level mechanisms can be more expressive, but also tend to be more vulnerable to attack, for a variety of reasons ranging from intrinsic complexity to implementer skill levels. Most attacks involve the opportunistic exploitation of bugs; and software that is very large, very widely used, or both (as with operating systems) is particularly likely to have security bugs found and publicized. Operating systems are also vulnerable to environmental changes that undermine the assumptions used in their design.
The main function of access control in computer operating systems is to limit the damage that can be done by particular groups, users, and programs whether through error or malice.
This project will be conducted in two main checkpoints: * Phase I: The first step in this project is to analyze risk and develop a mitigation plan to identify which assets are more critical. Determining what systems rely on each other

Similar Documents

Premium Essay

Failed Project Essay

...with restricting physical access by unauthorized people (commonly interpreted as intruders) to controlled facilities, although there are other considerations and situations in which physical security measures are valuable (for example, limiting access within a facility and/or to specific assets and controls to reduce physical incidents such as fires). Security unavoidably incurs costs and, in reality, it can never be perfect or complete - in other words, security can reduce but cannot entirely eliminate risks. Given that controls are imperfect, strong physical security applies using appropriate combinations of overlapping and complementary controls. For instance, physical access controls for protected facilities are generally intended to: • deter potential intruders (e.g. warning signs and perimeter markings); • distinguish authorized from unauthorized people (e.g. using pass cards/badges and keys) • delay and ideally prevent intrusion attempts (e.g. strong walls, door locks and safes); • detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems); and • trigger appropriate incident responses (e.g. by security guards and police). It is up to security designers to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls. Physical access control is a matter of who, where, and when. An access control system determines who is allowed...

Words: 2097 - Pages: 9

Free Essay

Scope of Service


Words: 40549 - Pages: 163

Free Essay

It273 Unit 9 Guide

...Project Grading Rubric Course: IT273 Unit: 9 Points: 70 Project Instructions: Project Instructions: Respond to each of the project requirements and submit all work to the Dropbox as a single file. Project requirements: 1. Callingyou Inc is a growing company providing 24-7 telephone support services for numerous companies. They have asked you to prepare a design proposal for their new office network. They will have two offices with a dedicated T1 line between them and would like each office to be able support sixty employee workstations with internet access, central server access, and VoIP. These workstations will be shared by multiple users as the company operates on shifts to provide 24-7 support. Each office will also have eight management offices. In addition to this office support, they also need to support VPN access for employees working from home. And, support for secure internet access customers visiting the office is desired. The Callingyou Inc executives have no experience with networks but want to be sure that they are making the right decision; so, they have asked that in addition to providing a design that the proposal specifically describe all network design considerations. The descriptions should be thorough but understandable for a layman, and it should be clear how the network design proposed relates to each of those considerations. Your proposal document should be between 4 and 10 pages before including diagrams or references. Visio should be used to generate...

Words: 730 - Pages: 3

Premium Essay

Access Control: Is3230

...Access Control Project Access Control: IS3230 By Andrew Reed November 20, 2012 TABLE OF CONTENTS 1 INTRODUCTION 1.1 Project Title 1.2 Project Schedule Summary 1.3 Project Deliverables 1.4 Project Guides 1.5 Project Team Members 1.6 Purpose 1.7 Goals and Objectives 2 Risks and Vulnerabilities 2.1 Overall 2.2 Billings, Montana 2.3 Warsaw, Poland 3 Proposed Budget 4 IDI Proposed Solution 4.1 Billings, Montana 4.2 Warsaw, Poland 5 Drawings 6 Conclusion 1 INTRODUCTION 1.1 Title of the project Access Control Proposal Project 1.2 Project schedule summary The project will be a multi-year phased approach to have all sites (except JV and SA) on the same hardware and software platforms. 1.3 Project deliverables • Solutions to the issues that the specifies location of IDI is facing • Plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability • Assessment of strengths and weaknesses in current IDI systems • Address remote user and Web site user’s secure access requirements • Proposed budget for the project—Hardware only • Prepare detailed network and configuration diagrams outlining the proposed change • Prepare a 5 to 10 minute PowerPoint assisted presentation on important access control infrastructure, and management aspects from each location. 1.4 Project Guides Course Project Access Control Proposal Guide Juniper Networks Campus...

Words: 1198 - Pages: 5

Free Essay

Outsourcing Payroll and Tax Services

...Services 03/15/2014 Table of Contents Project Scope 4 Requirements 4 Procurement Advantages 5 Savings Analysis 5 Procurement Disadvantages 6 Risks 6 Scoring Matrix for Procurement Proposals 8 Contractual Analysis 12 Considerations 12 Proposal Information 12 Legal Compliance Subjects 12 Proposal Questionnaire 12 Instructions to Proposers 13 Project Scope Pro Staffing research of outsourcing payroll and tax responsibilities versus in-house or new software package to evaluate which process will better meet the needs of corporation in both cost and quality of services. The analysis shows the cost savings for the procurement average 31% less than in-house management either by current processes or new software. Risk/ liability for Federal Tax withholding and reports is moved to the vendor. Requirements The solution needs to provide minimal 1. Direct deposit or mail for employees and contractual workers regular payroll, bonus pay, and expense checks 2. Handle workers compensation payment 3. Payroll withholding 4. Payroll tax management 5. Knowledge of international payments to employees or contractors 6. Online payroll management by Pro Staffing 7. Web access with required registration access for previous W2 and payroll check information for up to five years 8. Documents should be printable or delivery by mail 9. Strict documented protocol for access to personnel information either by web or mail ...

Words: 1830 - Pages: 8

Premium Essay

Sec 402 Request for Proposals (Rfp)

...expects top-secret methods for safeguarding proprietary information on its recipes and product lines Note to Proponents: Please be sure to review the RFP document in its entirety before submitting proposals. Submission Format 1. Letter of Introduction • Preferably a one page document introducing the proponent and proponent’s submission. • It should include a brief history of your company and how long you have been in business. 2. Proposed Approach, Project Resources, Costs • An outline of the proposed project approach, process, procedures and timelines in other to meet the objectives of the project. If you have a lengthy document please provide a summary no more than 3 pages. • Performance measures for each of the key result areas (objectives.) • One of the key roles and equipment that needs to be monitors is our servers that monitor our security software on it. This would detail a 24 hours monitoring. • To provide 24 hours support in our Data Center on the QDX servers and threads. • Identification of the project manager and key project support personnel. Include a brief resume of the persons providing the services. • Identify and subcontractors that you would engage to assist in project completion. • An outline of anticipated time requirements and total cost of the proposal. • An outline of proposed hourly/daily rates including a breakdown by activity. 3. Qualifications and References To move to the next stage in the selection process, the proponent must demonstrate...

Words: 1200 - Pages: 5

Premium Essay


...ISS334: Information Systems Security (Project Description) * Each student work alone in this project (individual project). * Each student is required to complete a mid-size project, which includes proposal, implementation, and final demo or paper. * Students will be grouped into teams for the sake of presentations at the end of the semester. Marks allocated for each individual piece of the project are as follows: a) Proposal – 10% b) Project write-up – 22% c) Presentation – 8% Projects include but are not limited to: * Research Paper * You can work on original research problems. The outcome should be a paper with original technical contribution. Your grade on this will be judged on originality, soundness of the approach, and quality of presentation.  * Example Topics: * Vulnerability Analysis * Wireless Security * Intrusion Detection  * Authentication * Access Control * Authorization * DNS Security * Digital Watermarking * New Attacks * Survey Paper * You can write a paper that surveys a particular field on information security. The outcome should be a paper that summarizes the trend in the field you have chosen. Your grade will be judged on the completeness of the survey, the quality of the trend analysis, and the quality of presentation. * Example topics: * Vulnerability Analysis * Wireless...

Words: 1209 - Pages: 5

Free Essay


...August 31, 2007 Dear Potential Offeror, You are invited to submit a proposal in accordance with the requirements set forth in the attached Request for Proposal, (RFP 154:7-061) using Best Value Acquisition procedures. This RFP is being issued by the Virginia Department of Motor Vehicles (DMV) for the purpose of seeking solutions to address the requirements of the DMV CSI Systems Redesign effort as identified in the attached RFP. An original proposal, signed by your contractually binding authority, with 7 full copies and 2 redacted copies, must be received by DMV Contracts and Procurement Department no later than 3:00 p.m. local time on Tuesday, December 4, 2007. An optional pre-proposal conference will be held at DMV Headquarters, 2300 West Broad Street, Richmond, Virginia, Room 702, on Tuesday, October 2, 2007 at 10:00 a.m. local time. Please refer to RFP Section VII for additional information. All questions or inquiries regarding this RFP must be received by Wednesday, October 31, 2007 at 5:00 p.m. local time and must be submitted in writing exclusively to: Nancy M. Davis, CPPB, CPPO, VCO Contracts and Procurement Manager Department of Motor Vehicles Room 319 2300 West Broad Street Richmond, VA 23220 E-mail: Fax: (804) 367-0046 All inquiries must be submitted electronically as indicated in the RFP. Please refer to RFP Section VII for additional information. No verbal inquiries will be accepted. From the date of issuance of this RFP until the...

Words: 37401 - Pages: 150

Premium Essay

New System Proposal Cis/207

...New System Proposal Team B CIS/207 January 16, 2013 New System Proposal Riordan Manufacturing Company is leader in industry, and the company uses polymer materials to create solutions to customers. Dr. Riordan, a professor of chemistry founded Riordan Plastics Inc. by 1993 the company went to Riordan Plastics Inc. to Riordan Manufacturing Company and expanded the company into China. In 1991 the company supported commercial applications for his patent and the customers that use the products are the manufacturer of automotive parts, appliance manufactures, the manufactures of aircrafts, and the Department of Defense (DoD), alone with bottlers, and beverage makers (Riordan Mfg., 2012). The company’s earnings are $46 million and the total revenue excesses $1 Billion. Riordan Manufacturing Company has over 500 employees in Albany GA, Pontiac MI, and Hangzhou China (Riordan Mfg., 2012). Looking into the company’s system, there isn’t any security features established to prevent anyone from accessing information on the company’s intranet. Logins should be required to access the information within the company’s intranet and also should be monitored by the IT department. When the company expanded their operations in to Hangzhou China the fan manufacturing operation moved from Pontiac Michigan to Hangzhou China, team B need to look at the financing and accounting department systems because it was never addressed on the switch, just added more software...

Words: 1392 - Pages: 6

Free Essay

Reloadable Debit Cards Implementation

...Statement of the Purpose The proposal entitled, “Implementation of reloadable debit card on New Era University” aims to attain the following: * To have an easy transaction in payment purposes of the consumers * To lessen the hassle of counting paper bills and coins * To have an accurate record of all billings in school facilities * To lessen the incident of losing large amount of money Background of the Purpose Prepaid card are rapidly growing having been introduced as an alternative to cash. One of the new trends in payment transaction today is the use of reloadable debit cards. These are actually prepaid cards that can be reloaded with value after it is issued. Within the university, for example, a student cannot control overspending of purchases (e.g.) and as a consequence, he might be forced to bring a large amount of money. Doing so, he is also carrying the risk of losing the money because of carelessness. Moreover, taking into consideration that he must convert first his cash into chits before he could buy is also another picture and the cueing problem of the long lines awaits every student which as a result, time-consuming. Whereas, it is also a difficulty on the administration to maintain transactions on a manual basis. The recognition of income would be another question. There are recent events of fraud and mischief with school chits for personal advantages. The impression to their subordinates would not be good on handling such situations...

Words: 2180 - Pages: 9

Premium Essay

Mr Project Mangement

...Retail Corporation (URC) to develop an implementable project plan for a point of sale and stock control system for a proposed chain of retail outlets across Australia. You have been supplied the following information, information not available maybe assumed, this will be a competitive bid targeting the dual goals of quick implementation and low cost. Universal Retail Corporation (URC) is an aggressive player in the growing electronic gadgets market with a plan to open a chain of retail outlets to further their growth in the market and to combat the growing competitive threat from online purchases. Outlets will be located in major cities in seven states. The larger cities will have more than one store. Critical to sales is monitoring sales and stock turn to ensure adequate stock is available when demanded. Each store will be responsible for day-to-day operations, however, there is a strong central management structure at the national level. The services provided by the organization include volume buying to gain discounts, pricing,merchandising strategies, and consolidation of performance reporting for the corporate management.The Information Systems Department at URC's corporate office has been given the assignment to develop a transaction processing system that will apply modern RFID (Radio frequency identification) code scanning, starting at the warehouse and linking to points of sale, to provide automatic inventory control. The system will also relieve the store personnel...

Words: 641 - Pages: 3

Free Essay

How to Boost Communication Through Mobile Devices

...High-Level Implementation Plan 11. Summary of Project 12. References Abstract Johnson Controls has poor communications with all of its departments within the organization. Can Johnson Controls help boost profits and productivity by improving communications and personnel issues? I will conduct a research and create a plan to improve Johnson Controls’ communications and personnel issues. Brief Company Background Johnson Controls employs over 170,000 individuals world wide in several different businesses. The businesses that make up Johnson Controls are building efficiency, global workplace solutions, automotive experience and power solutions. The corporate headquarters is in Milwaukee, Wisconsin and they were number 66 on U.S. Fortune 599 and number 254 on Global Fortune 500. Johnson Controls is traded on the New York Stock Exchanged under the symbol JCI and generated $42.8 billion in sales in 2014. Warren Johnson started Johnson Electric Service Company in 1885. In 1902, the business was renamed Johnson Service Company and grew tremendously by providing regulated temperatures in buildings worldwide and stream-powered cars and trucks. In 1940, Johnson Service Company went public and traded its securities over the counter. The company was renamed to Johnson Controls in 1974 and a few years later acquired Globe-Union, the largest U.S. manufacturer of automotive batteries. Today, Johnson Controls provides a vast array of services and products...

Words: 1959 - Pages: 8

Premium Essay

Project Procurement Management in Information Systems Projects

...Pm3 essay | Project Procurement Management in Information Systems Projects | Mogamat Shaheed Adams (207191948) | | INFORMATION SYSTEMS III (MODULE A) | 21 September 2010 LECTURER: Mr S Dunn | Project Procurement Management in Information Systems Projects ABSTRACT It is becoming increasingly important for information technology professionals to understand project procurement management. Procurement management has become a tool that can save organizations huge amounts of cost. Therefore the emphasis on expert knowledge surrounding the procedures and stages through project procurement management are becoming so necessarily. There are numerous tools and techniques available to project procurement teams to get favourable results and outputs. These outputs become important tools to organizations to use in the future on similar projects. INTRODUCTION Acquiring products or services under contract using outside buyers or sellers has become a very important aspect to many organizations. The reasons is that it reduce both fixed and recurrent costs, allowing client organizations to focus on its core business, organizations can gain access to specific skills and technologies, providing flexibility where extra staff can be provided during periods of peak workload, and increasing accountability because contracts are legally binding. To be successful in project procurement management there are four main processes for organizations to follow. They are planning...

Words: 1954 - Pages: 8

Free Essay

Access Control System

...Case Study 1: Access Control System Antonicia Holmes Course: CIS 210 Instructor: Bagus Adiyanto Strayer University November 5, 2015 Project Scope Statement: The scope of this project is to install an access control system in a dormitory. The ACS (Access Control System) will enable the dormitory door to unlock mechanically by the use of a proximity reader and combine with an existing security camera. The camera is programmed to spin around to point at him/her and video tape the person while he/she use their identification card to unlock the dormitory door. The Five Tasks The project can be carried out in 5 major tasks and each main task can be sub-divided into the following sub-tasks. 1.) Preparation of the Project It is the initial major task; the steps that have to be taken before the system is built. a) Creating a team to help perform with other tasks. b) Surveying the College Dormitory to study the location. c) Creating the design consisting of the dorm’s visual diagrams. d) Examine the current dormitory’s security system to integrate with ACS. e) Preparing proposals to management f) Estimating total cost. 2.) Installation It is the second task; the steps that include manually putting on the hardware required for the ACS, including its cameras and readers. a) Making the Control Panel b) Wiring c) Putting readers on the walls and doors. d) Repositioning the camera to point towards the readers on the external...

Words: 449 - Pages: 2

Free Essay

It Security

...Organizational Overview The Re quest for Proposal is to change the old office phone system to a Voice over Internet Protocol (VoIP) service for a small company with approximately 50 employees with approximately over 700 accounts. The clients currently call in orders using the existing traditional public switched telephone network (PSTN). The Voice over Internet Protocol (VoIP) technology will have an established voice communication and multimedia sessions over Internet Protocol (IP) networks where the orders can be processed at a cost savings. Technology Description The group of technologies: IP telephony, Internet telephony, voice over broadband (VoBB), broadband telephony, IP communications, and broadband phone service are terms commonly related to VoIP. The technology enables the end users to use voice, fax, SMS, voice messaging through the internet to conduct business. Proposal The Request for Proposal lists the instructions for a quote to be submitted timely by the respective vendors. In addition, the description of the project is included and the defined requirements that must be met for consideration. Lastly, the vendor responsibility is defined before and after completion of the project. Specifications The proposal is to switch to VoIP, a hosted phone system with a full set of enterprise features. The intent is to continue to upgrade the system via web browser to ensure the technology continues to remain competitive. The intent is to transition away...

Words: 635 - Pages: 3