Analysis of Information System Security: Access Control & Monitoring

Verified

Added on 2022/11/15

AI Summary

This report provides a detailed analysis of information system security, focusing on access control systems and network monitoring techniques. It begins by describing seven primary categories of access controls: Detective, Deterrent, Corrective, Preventative, Recovery, Directive, and Compensation, explaining their functions and appropriate implementation scenarios. The report then addresses the importance of network monitoring, highlighting network tomography and route analysis as effective measures for identifying and mitigating suspicious network activity. Furthermore, it discusses control measures for catastrophic incidents, emphasizing the implementation of route analysis, preventive access controls, and corrective access controls to protect organizational data. The implementation process is categorized into logical/technical, management/administrative, and physical controls. The report concludes by asserting that the discussed access controls and monitoring processes will significantly enhance the security of the organization's IT infrastructure, mitigating potential threats and safeguarding data.

Running head: REPORT ON INFORMATION SYSTEM SECURITY
REPORT
ON
INFORMATION SYSTEM SECURITY
Name of the Student
Name of the university
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
IT Security
Table of Contents
Introduction:...............................................................................................................................2
Discussion:.................................................................................................................................2
Access Control System-.........................................................................................................2
Detective Access Control System-.....................................................................................3
Deterrent Access Control System –...................................................................................3
Corrective Access Control System –..................................................................................3
Preventative Access Control System –..............................................................................3
Recovery Access Control System –...................................................................................3
Directive Access Control System –....................................................................................3
Compensation Access Control System –...........................................................................4
Network Monitoring –............................................................................................................4
Network tomography –......................................................................................................4
Route analysis –.................................................................................................................4
Catastrophic incidents control measures –.............................................................................5
Implementation Process -.......................................................................................................5
Conclusion:................................................................................................................................5

2
IT Security
Introduction:
The primary objective of this paper is to discuss about the information system security
controls in which it will elaborate seven significant access control which may have
significant impact on the approached security management system. Along with explaining
those aspects it will also elaborate effective control measures in order to reduce the
suspicious activities from the network server. Followed by describing the above measures it
will also elaborate the more effective control measures to enhance the capabilities of the
Information Technology systems to handle more catastrophic incidents as well as since, it has
been noticed from the case study that the manager is highly concerned with the policies and
the implementation process of those thus, this paper will consist a detail elaboration related to
the implementation of the above identified control measures by categorising all the fields.
Discussion:
Access Control System-
Considering the manager’s interest a brief discussion on seven categories of access
controls systems are listed below:
Detective Access Control System-
This types of access control system works by identifying the unauthorized activities in
the Information Technology systems within the organisation. These types of control are
termed as the after the fact access control. These types of access control includes the security
cameras, audit trails and many more.

3
IT Security
Deterrent Access Control System –
This types of access control systems works by discouraging the internet violation in
the Information Technology infrastructure which includes the fences, security guards,
security badges as well as the firewalls.
Corrective Access Control System –
These types of systems work by recovering a system after any cyber-attack which
includes the intrusion detection system, business continuity planning and many more.
Preventative Access Control System –
These types of access control system work by protecting the Information Technology
infrastructure within any organization from any external attacks which includes the
application of penetration testing, encryption process as well as the implementation of
security cameras.
Recovery Access Control System –
Similar to the corrective access control systems these types of systems works with
recovering the destroyed or hacked data due to any cyber-attack, however this access control
system is more effective than the corrective access control system.
Directive Access Control System –
This types of access control system works by directing or controlling action or
security policies in order to protect the organizational devices from cyber-attacks which
includes the application of monitoring the network, awareness training as well as the
incorporation of effective security policies.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
IT Security
Compensation Access Control System –
These types of access control systems works by providing an effective enforcement to
the other access control systems as well as the other security policies to become more
effective to protect the organizational Information Technology infrastructure which can be
applied by the implementation of the personal monitoring as well as the awareness’s which
holds a significant impact towards the success of this access control.
Network Monitoring –
In order to address the concerns of the CIO of the organization it has been observed
that monitoring the organizational network is highly important as the application of effective
network monitoring tools can significantly reduce the chances of getting hacked by the hakes
as well as it holds the capabilities to notify in case of threat occurrence.
Network tomography –
The incorporation of network tomography in the organizational network will offer the
capabilities to monitor as well as supervise the health of the links present in that
organizational network by providing the network agent at the end of the internet vantage
point. Hence, it is suggested that incorporation of this can be effective for network
monitoring.
Route analysis –
Followed by the above network monitoring measure, route analysis of the
organizational network analyses the path or posture of the network by which it identifies the
issues as well as the downtime of the organizational network.
Catastrophic incidents control measures –
Catastrophic incidents represents such incidents which may harm the organization
data security by any sort of terrorism attack or antinational attacks. Hence followed by the

5
IT Security
above mentioned analysis I would like to suggest that the manager should opt for
implementing route analysis in order to monitor the organizational network as it has been
discussed above that it holds effective capabilities in order to alert the administrator in case of
any suspicious activity. Along with this the organization incorporate the preventive access
controls as well as the corrective access controls as it has been discussed above that the
preventive access control will enable the capacities to protect the Information Technology
network server and the corrective access control will help to recover the organizational data
in case any fault occurrence.
Implementation Process -
The implementation process of the above mentioned access controls are classified into
three categories which includes the logical or technical controls, management or
administrative controls and the physical controls. Followed by this aspects the above
mentioned controls are also identified with the above classifications. The preventive access
controls are the technical or the logical controls this types of controls are implemented with
the technologies. Along with that the Corrective access controls are also the logical control
type as it is implemented with software. Hence it can be stated that due to the implementation
of the above mentioned access controls the Information Technology system infrastructure as
well as the organizational network server will be protected from the external threats.
Conclusion:
After the above discussion it can be concluded that this paper has effectively
discussed about the most efficient access controls which can be implemented in an
organizational Information technology infrastructure in order to mitigate the possible threats
which holds the impact to enhance the security of the organizational data. Followed by this
discussion this paper also consists an elaboration related to the network monitoring process

6
IT Security
and it has also discussed as well as suggested most effective access controls which will be
appropriate to address the organizational requirement. Lastly, it has successfully classified
the recommended access controls with respect to its implementation process.
Hence, it can be stated that the above discussion will sure help the organization to
achieve the goals which has been selected by the manager.
Bibliography:
Baschy, L. M. (2015). U.S. Patent No. 9,003,295. Washington, DC: U.S. Patent and
Trademark Office.
Garg, N., Sinha, A. K., Gandhi, V., Bhardwaj, R. M., & Akolkar, A. B. (2016). A pilot study
on the establishment of national ambient noise monitoring network across the major
cities of India. Applied Acoustics, 103, 20-29.
Gupta, N., Prakash, A., & Tripathi, R. (2015). Medium access control protocols for safety
applications in Vehicular Ad-Hoc Network: A classification and comprehensive
survey. Vehicular Communications, 2(4), 223-237.
Herrala, S. (2016). U.S. Patent No. 9,430,888. Washington, DC: U.S. Patent and Trademark
Office.
Jawhar, I., Mohamed, N., Al-Jaroodi, J., Agrawal, D. P., & Zhang, S. (2017). Communication
and networking of UAV-based systems: Classification and associated
architectures. Journal of Network and Computer Applications, 84, 93-108.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
IT Security
Sawhney, S., Conover, M., & Montague, B. (2015). U.S. Patent No. 8,938,782. Washington,
DC: U.S. Patent and Trademark Office.
Smedley, S. B., Heubel, E. V., Chapman, N. L., & Ma, C. K. (2017). A Primer on a Domestic
Catastrophic Disaster Response for the Joint Logistics Enterprise (No. DRM-2016-U-
014519-Final). Center for Naval Analyses Arlington United States.
Yue, X., Wang, H., Jin, D., Li, M., & Jiang, W. (2016). Healthcare data gateways: found
healthcare intelligence on blockchain with novel privacy risk control. Journal of
medical systems, 40(10), 218.