Reference no: EM133086451

A. Access control plan

Access controls provide the ability to allow or deny access to critical information and devices on a network. Access controls can be physical or logical.

Develop a plan for implementing access control models in an enterprise level network based on the principle of least privilege. Make sure to address the following:

1. Which of the elements of access control would you use in your plan? Would you use them all? Why or why not?

2. What are some of the best practices concerning access control? For example, multi-factor authentication, biometrics, or minimizing secrets.

3. Defend the strategy for your plan using the principles of cybersecurity.

B. Security Policy

A well-written security policy will clearly define the limits of computing infrastructure to the end users. Security policies should be simple, explicit, and avoid hidden implicit elements that are controlled by the system, which users may misunderstand.

1. Research any computer security threat or a recent attack. Select one element of the threat or attack (e.g., "Complex Passwords").

2. Write a security policy for your selected element and explain the basic security implications of a specified security threat or a recent attack, as well as how the implementation of the policy will protect the system.

3. Your policy, at a minimum, should include a title, purpose of the policy, scope, details of the policy, compliance, author, and review date.

4. Your policy should be written using an industry-standard policy format.

5. Your policy should explain how any user interface issues could affect the implementation and perception of security mechanisms, as well as the behavioral impacts of the policy.

6. Your policy should explore the tension between user security and convenience, which results in user behaviors that undermine system security. How can you develop the right balance?