ISSC471 Creating Compliance Within User Domain Discussion
Question Description
I need to respond to the below two students discussions with 150 words minimum for each. Below in bold are the questions the students are answering.
1. What are the functional control types? provide an example for each type.
2. What is the principle of least privilege? Why is it important to implement?
3. List and briefly discuss the User Domain Compliance Requirements.
Student one answers:
Hello Everyone,
For this week’s forum post we are to discuss three questions given to us by out instructor.
What are the functional control types? provide an example for each type.
First one our books states is Preventative controls: these are the basics of controls that you can see and feel.These are things like locks doors or especially locked door to a server room would be important.
Detective Controls: I think the better description with the potential environment we all maybe working in is are log analysis tools.Many employees use the organizations computers for many different things.An employee whom would work a Monday through the log analysis tools among an array of tools.
Corrective Controls: This is more of a software tool for instance a proxy server or an antivirus, so then the administration can scan the complete system to find a virus that has infiltrated security.
What is the principle of least privilege? If a user has access to a complete system, the security is ineffective. I am using Air Force computers all the time and I do not have access to most of the folders on the shared network. I only have access to certain folders that pertain to my unit.
Why is it important to implement? This is important because since I have the least amount of privilege with access to folders, I cannot venture off to different folders and look at some data that is not intended for my eyes.
List and briefly discuss the User Domain Compliance Requirements.
In a nutshell known your personnel, do not break any laws, spin up your employees on practices on the system and how to handle sensitive information.
Solomon, M. G., & Weiss, M. (n.d.). Auditing IT Infrastructures for Compliance. Retrieved March 26, 2019, from https://www.oreilly.com/library/view/auditing-it-i”¦
-Carlos
Student two answers:
During this weeks readings I found that there are three functional control types. They include Preventive, Detective and Corrective controls. Preventive controls are put in place to stop actions. Examples of preventive controls include door locking mechanisms, computer access controls, or placing keypads to access a secured area. Preventive controls are put in place to ensure undesired actions do not occur (Weiss, 2015). Detective controls are used to recognize actions before they actions occur. Examples of detective actions include motion detectors and using logs to analyze functions (Weiss, 2015). In a way, I believe auditing can be used as an example of detective controls. Lastly, Corrective controls fix the results of an action (Weiss,2015). Examples of corrective controls would be implementing a patch management process on a network to ensure vulnerabilities are patched. It is simply an action put in place to correct a known vulnerability.
The principle of least privilege is the practice of limiting access or rights of users on a network based solely on what is needed to perform their duties. Under the principle of least privilege, users only have read, write, r execute only on resources needed for there job. This is important to implement in a network in order to isolate the amount of damage that can be done by users. For example, the IT department should not have write or execute access to the HR department’s resources. If they did, they can delete or lose important information needed by the HR department.
Lastly, the user domain compliance requirements I will discuss include Need to Knows and confidentiality agreements. Need to know is implemented to ensure users have access to data that they are authorized to access (Weiss, 2015). This way not every user can gain access to classified data. Confidentiality agreements provide a company a legal support. It ensures its user abide and can be held legally accountable in case of a security incident.
Weiss, Martin & Solomon, Michael G. (2015). Auditing IT Infrastructures For Compliance. Second Edition.Jones & Bartlett Learning: Information Systems Security & AssuranceCurriculum. ISBN: 1284090701 978-1284090703
-Jason B

“Place your order now for a similar assignment and have exceptional work written by our team of experts, guaranteeing you A results.”