Implementation of Access Control in ORD Organization: Report


Added on  2020/04/07

AI Summary
This report details the implementation of access control methodologies within the ORD organization, which has 4000 staff members and multiple departments. The report focuses on securing workstations through both physical and logical access controls. Physical security measures include ID proofing with fingerprint scanners at the main entrance, visitor management systems involving visitor cards and verification, and CCTV surveillance throughout the building, including fire exits. Logical access control involves authentication methods, lock-out policies, and the separation of duties to limit access to sensitive information. The report also discusses the use of smart cards for equipment access and the importance of testing access control systems using tools like Nessus for penetration testing. It concludes with a summary of the recommended access control measures, emphasizing the need for a multi-layered approach to ensure the security of the organization's assets and data.
Running head: ACCESS CONTROL
Access Control
Name of the Student
Name of the University
Author Note
Table of Contents
1. Introduction
2. The Access control methodologies
3. Conclusion
4. References
1. Introduction
ORD is an organization with 4000 staff across its various departments. The
ground level of the building includes entrances, training rooms, computer labs and the
workstations. Proper access control is to be implemented for controlling and
monitoring access to the workstations. Access control is the selective restriction of access
to a place or a resource¹. Access here refers to consuming, entering or using. Different
locks and login credentials can be imposed by the access control mechanism to control
access to the workstations of the building. The different physical and logical access control
mechanisms that can be employed for the workstations are discussed in the following paragraphs².
2. The Access control methodologies
Entry to the organization is through the main entrance on the ground floor or through
the parking lot that is situated in the basement. There is only one main entrance door to the
building, apart from a few fire exits. The fire exits can be accessed only during an emergency, as
opening them requires breaking the glass pane. Therefore, CCTV surveillance would be
enough for access control, that is, for monitoring who is taking advantage of the fire exits to
access the building³.
The access control methodology can be broadly divided into two phases: physical and
logical. Physical access control is mainly used for controlling access to the campuses,
buildings, rooms and different physical IT assets. Logical access control limits access to the
computer networks, system files and the data.
1 Hu, Vincent C., D. Richard Kuhn, and David F. Ferraiolo. "Attribute-based access control." Computer 48,
no. 2 (2015): 85-88.
2 Fennelly, Lawrence. Effective physical security. Butterworth-Heinemann, 2016.
3 Nam, Yunyoung, Seungmin Rho, and Jong Hyuk Park. "Intelligent video surveillance system: 3-tier
context-aware surveillance system with metadata." Multimedia Tools and Applications 57, no. 2 (2012): 315-334.
The foremost physical access control of the system is to be imposed at the main
entrance of the building. The workers and staff can access the building only by showing
their identity card and providing their fingerprint⁴. A fingerprint scanner system is installed at
the main entrance, and employees are allowed to enter only after the successful
verification of their identity. This can be termed ID proofing as well. It reduces the risk of
an unauthorized person gaining entry to the workstation and is therefore an effective
access control methodology.
However, imposing access control only at the main entrance would be a problem for
visitors to the organization. They might find it difficult to access the building for
business-related tasks. Therefore, providing visitors with access to the building is essential. However,
imposing access control on the visitors to the building is also essential for preventing unauthorized
access. Therefore, the introduction of a visitor's card is an important and effective access control
methodology. Visitors are to be escorted inside the building only after the successful
verification of their identity. Visitors to the building are required to sign in by providing their
essential and detailed information.
Separation of duties, which limits the number of employees who can access
the workstation, is another important access control method. 24-hour CCTV surveillance can be
imposed at the entry of the workstation for monitoring who can access the system. However,
controlling and securing the CCTV server room is necessary to prevent unethical access to or
modification of the data. The CCTV server is vulnerable to attacks, and therefore imposing a properly
tested system is necessary.
4 Banerjee, Salil P., and Damon L. Woodard. "Biometric authentication and identification using keystroke
dynamics: A survey." Journal of Pattern Recognition Research 7, no. 1 (2012): 116-139.
Furthermore, the entire information system that is to be imposed uniquely identifies and
authenticates the source and the destination of each transfer of information. Access to
information in the workstation should be subject to three-factor authentication⁵.
A lock-out policy can be imposed at the entrance of the workstation as well as on access
to the information. This prevents users from guessing the password, because if a
wrong password is entered a specific number of times, the system gets locked.
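The lock-out behaviour described above can be sketched as follows. This is an added example, not part of the original report; the class name `LockoutPolicy`, the thresholds, the account name and the attempt sequence are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def hash_password(password, salt):
    # PBKDF2 so the stored verifier is not a bare hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LockoutPolicy:
    """Lock an account after `threshold` failed logins within `window` seconds."""

    def __init__(self, threshold=3, window=300, lock_duration=600):
        self.threshold = threshold
        self.window = window
        self.lock_duration = lock_duration
        self._failures = {}      # user -> timestamps of recent failures
        self._locked_until = {}  # user -> time at which the lock expires

    def attempt(self, user, password, salt, stored, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        if now < self._locked_until.get(user, 0):
            return "locked"  # refused before the password is even checked
        if hmac.compare_digest(hash_password(password, salt), stored):
            self._failures.pop(user, None)  # a success clears the counter
            return "ok"
        # Count only failures that are still inside the sliding window.
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.threshold:
            self._locked_until[user] = now + self.lock_duration
            self._failures.pop(user, None)
            return "locked"
        return "denied"

def simulate():
    # Constructed account and attempt sequence: (time in seconds, password tried).
    salt = b"constructed-salt"
    stored = hash_password("correct horse", salt)
    policy = LockoutPolicy()
    attempts = [(0, "guess1"), (10, "guess2"), (20, "guess3"),
                (30, "correct horse"),    # right password, but account is locked
                (620, "correct horse")]   # lock set at t=20 expired at t=620
    return [policy.attempt("alice", pw, salt, stored, t) for t, pw in attempts]

if __name__ == "__main__":
    print(simulate())
```

A timed lock that expires, rather than a permanent one, keeps the control from becoming a way to deny service to a legitimate user by deliberately entering wrong passwords for their account.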
The access control methods that can be employed for the different rooms of the ground
floor include CCTV surveillance. This can be coupled with password protection at the
entrance of the rooms that need extra monitoring⁶.
Access control over the equipment can be imposed by the introduction of a smart
card⁷. Only authorized persons will be allowed to access the equipment and the data of the
workstation, which prevents unauthorized access to the equipment. The smart card provides
confidentiality, integrity, authentication and non-repudiation.
The different categories of controls imposed on a system include detective controls,
deterrent controls, preventive controls, corrective controls, recovery controls and compensating
controls. Preventive controls are mostly recommended for the organization, as they help in blocking
or controlling specific events. Furthermore, it is essential for the organization to ensure
proper testing of all the imposed access controls to confirm that they are working properly. The
different testing procedures include penetration tests, application vulnerability tests and code
5 Ayed, Mourad Ben. "Systems for three factor authentication." U.S. Patent 8,190,129, issued May 29,
2012.
6 Cerruti, Julian A., Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, and Eric Wilcox. "User
password protection." U.S. Patent 8,353,017, issued January 8, 2013.
7 Chen, Bae‐Ling, Wen‐Chung Kuo, and Lih‐Chyau Wuu. "Robust smart‐card‐based remote user password
authentication scheme." International Journal of Communication Systems 27, no. 2 (2014): 377-389.
reviews. Penetration testing periodically scans all the systems to discover the vulnerabilities of
the system⁸. It uncovers the potential vulnerabilities in the open services. The tool that is used in
this case is Nessus.
3. Conclusion
Therefore, from the above discussion, it can be concluded that imposing access control in
the entrances, ground floor and workstations in the building 402. The access control that is
recommended for the entrance is ID proofing along with the fingerprint
scanner. This would allow only registered people to enter the building. The report further
discusses the different security measures and access control mechanisms that can be imposed
on the equipment and on the different rooms of the building. The major one among them is the
installation of CCTV cameras in different areas, including the fire exits. The different control
mechanisms of the access control systems are further discussed in the report. The appropriate tool
that can be used for penetration testing of the imposed access control system is Nessus.
8 Basta, Alfred, Nadine Basta, and Mary Brown. Computer security and penetration testing. Cengage
Learning, 2013.
4. References
Ayed, Mourad Ben. "Systems for three factor authentication." U.S. Patent 8,190,129, issued May
29, 2012.
Banerjee, Salil P., and Damon L. Woodard. "Biometric authentication and identification using
keystroke dynamics: A survey." Journal of Pattern Recognition Research 7, no. 1 (2012): 116-
139.
Basta, Alfred, Nadine Basta, and Mary Brown. Computer security and penetration testing.
Cengage Learning, 2013.
Cerruti, Julian A., Stefan Nusser, Jerald Thomas Schoudt, Gustavo Stefani, and Eric Wilcox.
"User password protection." U.S. Patent 8,353,017, issued January 8, 2013.
Chen, Bae‐Ling, Wen‐Chung Kuo, and Lih‐Chyau Wuu. "Robust smart‐card‐based remote user
password authentication scheme." International Journal of Communication Systems 27, no. 2
(2014): 377-389.
Fennelly, Lawrence. Effective physical security. Butterworth-Heinemann, 2016.
Hu, Vincent C., D. Richard Kuhn, and David F. Ferraiolo. "Attribute-based access
control." Computer 48, no. 2 (2015): 85-88.
Nam, Yunyoung, Seungmin Rho, and Jong Hyuk Park. "Intelligent video surveillance system: 3-
tier context-aware surveillance system with metadata." Multimedia Tools and Applications 57,
no. 2 (2012): 315-334.