Cyber Security Report: Access Control, Threats, and Solutions

Verified

Added on 2022/12/29

AI Summary

This report delves into the multifaceted realm of cyber security, with a specific focus on access control mechanisms within organizations. It begins with an introduction to the core concepts of cyber security, defining it as the protection of digital systems and data from malicious attacks, and outlining the scope of the research, including its aims, objectives, and background. A comprehensive literature review then explores the key components of cyber security, such as people, processes, and technology, and categorizes various types of cyber security management, including network, application, and information security, as well as disaster recovery and end-user education. The review also examines different types of cyber threats, including malware, SQL injection, phishing, and denial-of-service attacks. The report then analyzes the concept of access control, discussing its role in limiting data access, authentication techniques, and the importance of strong passwords. Finally, it addresses the importance and limitations of using access control in an organization.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Report on Cyber
Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Table of Contents
INTRODUCTION...........................................................................................................................1
LITERATURE REVIEW................................................................................................................2
DISCUSSIONS..............................................................................................................................17
CONCLUSION..............................................................................................................................19
References:.....................................................................................................................................20

INTRODUCTION
Research topic: To understand the concept of access control on cyber security in an
organization
Research aim: To investigate about the principles of access control and it's emphasis on cyber
security in an organization
Research objectives:
 To analyse the concept of cyber security and it's effect on IT function in an organization
 To examine the consequences of requirements and recovery solutions given by cyber
security on the working of an organization
 To determine the effect of the concept of access control on the organizational
performance
 To identify the impact of working, components and types of access control on the
organizational operations
 To observe the outcome of relationship between the cyber security and access control on
the organizational management
 To study about the importance and limitations of using access control in an organization
Research background:
Cyber security can be defined as the prevention of the technical devices such as hardware
and software from unusual attacks from hackers. In other words, it is also known as electronic
information security or information technology security. It saves the network, computers,
servers, mobile devices, electronic systems and data from malicious attacks. It provides
securities in various forms such as network security, application security, information security,
operational security, disaster recovery, business continuity and end user education (Sun, Hahn
and Liu, 2018).
There are various types of cyber threats involved in it such as cyber crime, cyber attack
and cyber terrorism which uses different methods to attack such as using malware, viruses,
trojans, spyware, ransomware, adware, botnets, SQL injection, phishing, man in the middle
attack, denial of service attack, dridex malware, romance scams and emotet malware.
Therefore, in accordance of it, there are various safety tips are also provided from the end
user protection side such as frequently updating the software and operating system whenever it
feels that system is not working properly or automatically in some time, using anti virus software
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

is most common method used by the people to defend their systems from virus attacks, using
strong passwords is a basic etiquettes that every must follow to safeguard their systems and data,
avoid opening emails from the sender who are unknown to the user and the most importantly,
ignore the open Wi Fi networks to connect for safety purpose.
Access control can be defined as the technique or method of cyber security which
supports an organization or an individual to limit the access or to control the access on their data
and information either it is important, private or confidential. It can be used by a person for it's
personal or can be used by an organization to safeguard their privacy of data. It allows to access
those people only who are authorised to control that data or information, authentication is
necessarily required to reach out the data if access control method has been applied by the firm.
It helps and supports the company in minimizing the risks of losses or data breaches which can
be caused if access control is not used because it limits or restricts the connections to data,
systems files or folders and computer networks. The best access control systems are Salto, Kisi,
honeywell, Bosch, Schlage, Paxton, HID and ADT (Carley, Cervone, Agarwal and Liu, 2018).
The following discussions are based on the concept of cyber security and it's essentials in
an organization, concept of access control which includes the configuration authentication
technique, password cracking of operating systems such as of Linus and Windows, working of
access control, various components that are associated with the access control, different types
access control it consist, importance and limitations of using the access control approach of
cyber security in an organization with proper findings and conclusions.
LITERATURE REVIEW
Concept of Cyber security
Cyber security is referred to as the security against the internet crime either intentional or
unintentional that occurs due to the cyber threats. It involves the whole process which includes
it’s categories, types, threats and protection which is required to get knowledge by each and
every employee in an organization (Gupta, 2018). It has mainly three components involved in
cyber security that are people, processes and technology, explanation are as follows:
People
It is one of the most important component of cyber security because human beings are the
ones who are responsible for the development of the technology, misusing of technology and
2

recovery solution of the same as well. That is why people are the most necessary component who
can evolve the whole processes of cyber security.
Processes
It is another component of cyber security because it includes the overall process in an
organization which mainly follows the whole procedure such as formation of technical systems,
hardware or software, formation of team management, hiring technical specialist, safety of
technical devices, data and information. This whole plan of action helps an organization to build
up it’s information technology function (El Mrabet, Kaabouch, El Ghazi and El Ghazi, 2018).
Technology
It is a component without which cyber security can be impossible to execute because if
there is no proper technology to safeguard the technical devices of the company as safety and
security is the most essential part of the information technology department because they are one
who will be responsible to install or design those technology in the company which can be
appropriately support the firm in protecting their data or information.
Categories of cyber security
There are various types of management which is essentially required in the company for
better safety and security of important, private and confidential data and information (Srinivas,
Das and Kumar, 2019). Such management categories are necessary to execute in an organization
so that functional requirements and operations can be maintained in the firm. Such management
are as follows:
Network Security
It is a type of security where network is being the most necessary thing to make secure
because it is the thing which is maximum and most easily attacked by the people or intruders
whose main motive is to disrupt the network security. Therefore, it is essential to safeguard the
network first because it is the easiest way to enter into the systems so there should be the proper
network security in an organization (Apruzzese, Colajanni, Ferretti and Marchetti, 2018).
Application security
It is a security which focuses on securing the various applications like software or devices
from viruses and many other attacks which usually harms the working of the systems and mainly
targets the operating systems of the computer which generally also leads to the corruption of it
3

which results in loss of data and information. Therefore, it is significant to safeguard and secure
the application in an organization.
Information security
It is a security which targets the private and large amount of information and data and it
is considered as the most important security because data in every organization has a great value
in terms of estimation and forecasting anything related to the finance, profits or losses, so loss in
data can cause the high loss for the company, therefore in order to maintain and secure the
important data and information, it is significant to safeguard the data and information by using
various technical elements of data security (Al-Mhiqani, Ahmad, Yassin and Abdulkareem,
2018).
Operational security
It is a security where operations of the organization which are stored in the systems are
secured because there are various software of human resource, finance, marketing, research and
development, production and many more which contains their data to operate and it helps the
company in smooth functioning. Hence, it is required to safeguard such operations in the systems
on which the major function of the organization is dependent on.
Disaster recovery or business continuity
It is the security where the company must focus on the recovery solution after being the
victim of cyber-attack or crime. Organization should have the better solutions to cope up with all
such crimes and adopt the measures to fight against such attacks so that they can save their
important resource of the company and cannot go in a huge loss (Nguyen and Reddi, 2019).
End-user education
It is the security which can be adopted by the casual employees of the company which
means that they must take care while working on the system that they should not perform any
action which can harm the system and an organization in any way. Therefore, their training is
required to teach them that how they can operate the system without get affected from the
unusual attacks.
Mobile security
It is the security of mobile devices of the company in which organization’s data and
important information is stored. Mobile security is essential because now a days people don’t
carry their systems everywhere so they carry their data and important resources in their mobile
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

devices which are easy to carry and work with. Therefore, it is important to secure the mobile
devices as well for better protection of the firm’s resources in an efficient manner (Berman,
Buczak, Chavis and Corbett, 2019).
Types of cyber security
Cyber crime
It is a crime related to the internet and which is expanded across the world and any one
can misuse the information stored on the internet especially if it is on public mode. It is involves
mainly people whose motive is to gain the financial satisfaction or to take revenge from someone
by destroying someone’s systems by hacking or doing something illegal with other people.
Cyber attack
It is the attack done on the internet and via internet by the people whose main motive is to
gather the data or information which is private and confidential just to know about the data and
can blackmail another person to not to leak or destroy the data and demands for money in place
of that or any other reason (Gunduz and Das, 2020)(Petrenko, 2018).
Cyber terrorism
It is a terrorism which is mainly caused to bring panic or fear in someone about losing
their system security or destroy something technical which is necessary for an organization. This
is similar to the cyber crime and cyber attack because this is also done to blackmail people for
their personal benefits.
Threats of cyber security
Malware
It is a type of malicious software which attacks the internal software of the systems which
is especially unauthorized access by the user. They are in the forms of viruses, Trojans, spyware,
ransom ware, adware and botnets. These are the different ways in which they attack the system
in an organization who have no or less protection from cyber attacks (Li, He, Xu and Yuan,
2019).
SQL injection
It is known as the structured query language injection which means that attacks are done
through the data and database which are extracted through it for gaining information so that it
can be used or misused for further usage of it. It has the platform of SQL to gather the important
5

data and information and those people use this method who have a good knowledge about coding
and SQL.
Phishing
It is the attack which is done via emails which mean attackers send emails, spams,
attachments and many more different forms of things, if user opens them or clicks on them, then
attackers get the knowledge of their systems for hacking and they hack their systems and get
over the controlled on their software and hardware (Husák, Komárková, Bou-Harb and Čeleda,
2018).
Man in the middle attack
It is a type of threat which is done to hamper the communication between two people
which means whatever the resources are being shared between two people can be accesses by
that person who is seeking for hacking their private data or information for further use or misuse
the same.
Denial of service attack
This type of attack states that if an organization wants to pursue some function over the
internet and highly needs the large range of network connection, so this attack prevents the
company in performing the functions that are very vital for an organization and denies the
request to follow or providing services the firm is asking for (Kure, Islam and Razzaque, 2018).
Social engineering
It is a type of attack which is mainly done for money or to extracting out the card details
so that they can steal the money from the person whose card details they have gathered. They
gather information by clicking on any site and sometimes because of their greediness, hackers
use such methods to make the use of fraud sites to attract the users to steal money from them.
Protection of cyber security
Update
It is important to update each and every software and technical device in an organization
so that security can be maintained and there could be less chances of cyber crime and attacks
because it has a direct relationship between updates and cyber crime which means if devices are
up to date then there is less possibilities of hacking and vice versa (von Solms and von Solms,
2018).
Antivirus
6

It is a type of software which protects the system from virus attack. It is highly important
and most required software in any system as it prevents the any type of virus from attacking the
system. Moreover, it notifies the system before hand only that that this site or this file is
corrupted and riskier to open in the systems because of unknown sources.
Passwords
It is a method of prevention from attacking before becoming the victim that is using
strong passwords as suggested by the site or system. They usually suggest of using uppercase
and lower case letters, number and symbols for password generation because combination of
such passwords proves difficult for the hacker to take over the control or break it in any way.
Such pass words are mainly used in highly private data or information (Hildreth, Qualcomm Inc,
2018).
Emails
Emails are something which are generally used to mail some official or professional
message to some organization or corporates. Apart from this, many companies use emails for
marketing and bulk emailing to create awareness for their products. But some hackers use this
feature for misusing to steal money and data from the users by sending them fraud mails or links
or attachments in which lottery content are written so that user's greediness can be the victim of
cyber crime. Therefore, it is important for every one to resist themselves and take care and
ensures that the email they are opening are not fraud but safe for using.
Wi-Fi
There are various Wi-Fi networks revolves around for the internet connection which
surrounds the organization. Some are open networks which means any one can connect to them
and some are encrypted with passwords. It is important for the company to stay away from the
open networks because all open networks are not safe, they intentionally wants that someone
could connect their Wi-Fi and they can get the access in their systems for stealing data and
information or any other purpose. Therefore, it is essential that not to connect any unknown open
network and only use the organization's Wi-Fi for working and safeguarding their systems
(Zhang, Kasahara, Shen and Wan, 2018).
Training and awareness
Some employees in an organization do not have any knowledge of information
technology and cyber crime, hence it is significant to set and organize a proper and an
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

appropriate training and development session especially for teaching theoretically and practically
about the cyber crime and what activities they must not perform while working on the systems
and what things they need to take care of while using internet connection so that they can be
protected from cyber attack.
Risk assessments
It is the term used for evaluating and analysing the risks in the systems because if systems
are updated then they can notify beforehand only about any risk associated with the file or
website but sometimes they do not notify so it is important to check the systems and assessing
the risk before only so that any harm to the systems can be prevented and protected on an early
basis (Verweyst, Cochran and Sivathanu, Google LLC, 2019).
Backing up data
It is one of the most preventive technique because in case in future there is a loss of data
due to any windows corruption or any other reason, it is necessary to backup data so that
recovery can be easy of that information for further use, because if data is not backed up then it
can be impossible for the user to gain back that data and company can suffer a huge loss out of it.
Therefore, it is important to immediately back up the important or even unimportant information
on the servers of an organization so that company can recover that easily.
Encryption
It is defined as the coded language from a certain people to some people which means
that some data or information which is highly confidential and private must be encoded among
those people only who can understand that language for further use. Decryption is an opposite
word which means decoding that data or information after work has been accomplished without
any leaking and hindrance of data. Therefore, it is necessary for the employees to communicate
with the data in the form of encryption and decryption so that no one can unlock that coded
language (Ravidas, Lekidis, Paci and Zannone, 2019).
Secure designing
It is a preventive measure which must be taken care at the time of designing of the
system's software or in the installation process. At the time of coding, there is a security code
which is required to be written down so that security can be in built in the system which helps
the organization to work freely with the system but it needs to be updated timely. This process is
performed by the IT specialist in software designing.
8

Concept of access control
Access control is referred to as a part of cyber security which states that the access is
being controlled on the private data or information and only those people will access who are
authorised and can maintain authenticity with the confidential information. Following are the
different concepts of access control studied which are as follows:
Configuration authentication
It is defined as the authentication which must be configured at the time of formation of
private data and information which states that who will going to access and who will not
(Schuster, Shmatikov and Tromer, 2018). There are various types of authentication such as
password based authentication which needs the strong password, certificate based authentication
which means only those people can access who are certified to open the file, biometric
authentication which means the usage of finger prints, eyes, face, heart beat and many more
signs which relates to the human body to unlock the file access, token based authentication
which means that token is provided to the people who can access the file and can use that token
for using the same and multi factor authentication which means that more than one
authentication techniques is applied on the same file to access for strong protection and high
privacy system.
Using Two-factor authentication to secure the firewall
It is similar to the multi factor authentication system which states that more than one
methods are used to safeguard the system or private data and information. Firewall can be
secured using two factor authentication in three different types such as first is knowledge factors
which means that something which user already knows to unlock the network such as the email
address, passwords, user name, security questions, CVV number, card details and many more.
Second is possession factors which means that something which the user owns such as the
mobile phones, USB token, card reader and many more. Third is inherent factors which means
that something the user has such as the physical attributes of the user related with their body
parts like finger prints, retinal scans, voice recognition and many more just similar to biometric
authentication (He, Golla, Padhi and Ur, 2018).
Password cracking with Linux
There are various tools used in password cracking with Linux such as CeWL tool which
states that they follows the external links and outputs for cracking the password by suing list of
9

words and it is based on ruby language which connects unique URL. Crunch tool which states
that they follows the different combination of words, symbols and numbers in a very quick
process. Hashcat tool which states that they directly attack the CPU's intelligence and take
support from the CPU for password cracking in the system and also used for the recovery part as
well. John the ripper tool which states that they follow the highly configured and customizable
passwords which support and work with various hash types such as traditional DES, big crypt,
FreeBSD MD5, blowfish, BSDI extended DES, Kerberos and MS windows LM lashes (Lunardi,
Michelin, Neu and Zorzo, 2018).
Password cracking with Windows
There are majorly three steps involved in password cracking with Linux such as first is
acquiring the hash which means finding the file in the system which directly relates with the
password cracking of windows generally founded in C drive named windows SAM file which is
required to gain access for further information to crack the password. Second is choosing the
password cracking tool among which are discussed above and the most suitable one as per the
type of file and authentication required for the same. Third step is choosing the cracking
technique among different types of attacks such as dictionary, brute force guessing and hybrid
attack.
Working of access control
Working of access control systems has main key elements which are four number and are
highly involved in the working process of the access control systems such as tag, reader,
controller and lock (Li, Chen, Chow and Liu, 2018). They all plays an important part in forming
and implementing the access control systems which are effective and efficient in nature .
Therefore, elements and working of access control systems are as follows:
Tag
It is defined as an element which is provided to each and every user to access the data
who are especially authorised to open up the file. It is used at the doors of the file at the time of
opening it, it is mainly provided by the system administrator which is used by those users only
who are authenticated and authorised for the same. Without this tag, no user can access the file
especially any unknown sources or unauthorised user. Therefore, it is considered as one of the
element of the access control systems which is highly essential to make the working of such
systems in protected manner.
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Reader
It is defined as the reading of an access which is presented by the user in the form of tag.
In other words, access control systems consist the application which is termed as reader whose
roles and responsibilities is to find out that the tag which is presented by the user in front of the
reader or scanner of an application is authorised or unauthorised. It decides that whether the user
who is asking the permission to access the data is having the correct tag or not and if not then
they cannot be permitted to enter into the system. Therefore, it is considered as one of the
element of access control system who reads the authenticity of the user using tag shown by them
(Levergood, Stewart, Morris and Treese, Soverain Ip LLC, 2018).
Controller
It is defined as the controller of the reader which contains and specifies all the data and
information of the user which can access the system any time but if any user whose tag ID does
not matches with the information stored in the controller then that user is not at all allowed to
access the file in any case. Therefore, it is considered as one of the element of access control
systems as it holds the user's information about the access and permission granted decision is
taken by the controller and thereby it maintains the proper authenticity and authorization of
private file in an organization.
Lock
It is defined as the operator which is controlled by the controller which gives commands
or instructions to the lock that either it has to open or not for the user who is asking the
permission to open the file. Internally they communicate in the binary language that is in the
form of zero or one. If controller commands zero which means false then the lock will
automatically understands that they do not have to open the file and if controller commands one
which means true then the lock will open the file that means it is the correct user who is asking to
access the file (Paci, Squicciarini and Zannone, 2018). Therefore, it is considered as one of the
element of the access control systems who is responsible for opening and closing the file as per
the instructions given by the controller.
Working
Process of working of access control is such that first of all an unique identity with
unique number is provided to every accessible user in the form of tag and stores those user's
information in the access control systems. After that, any user either authorised or not authorised
11

will show their tag in front of the reader so that it recognises that the user can access the data or
not. Controller is responsible for reading out the information of the user as it stores the data of
every user who are authorised to that particular content. If that user is authorised then it
commands the lock system to open up the file and vice versa (Cruz, Kaji and Yanai, 2018).
Components of access control
There are various components of access control systems which are included and highly
involved in the whole process of access control. Such components have their own features,
advantages, uses and limitations but all are necessary to install in the access control systems in
order to work properly in terms of safety and security. Components are as follows:
Access cards
These are the cards which acts like a keys to the lock where lock is the file which is
needed to be accessed by the user. It is provides to the authorised user with unique identity
number through which they make the use of opening the private data and information. Such
cards are given to only those users who have the permission to read the data and make such
information as private as possible as per the instructions given (Sinnema, EMC Corp, 2018).
Card readers
These are readers who reads the cards and decide that the user who wants to access the
data is authorised or not. It is one of the important component because it has a major role in
restricting the user to access the file and if this component does not have that power then user
can easily access the file without any card or identity, therefore it is important to code such
application on a strong security basis.
Keypads
This is an alternative system of access cards, if an organization is not willing to use the
access cards then they can prefer the keypads systems which states that the file must have a
password which could be typed on the keyboard to access and only those people should know
who have the authorization of the data. It mainly supports the strong passwords such as the
combination of various symbols, letters and numbers (Bertin, Hussein, Sengul and Frey, 2019).
Electric lock hardware
This is another alternative of access cards and keypads which states that it can be the
implementation of hardware security system which can be locked electronically. It can have any
type of passwords either in a pin system or letter system or lock and key systems which is only
12

provided to the user who is authorised to access the data stored. This system is wholly based on
the hardware concept so it is the responsibility of the IT hardware specialist to make it a strong
security to better safeguard the information.
Alarm systems
This system is for the unauthorised user who tries to open or crack the password to access
the file in an unethical way. There are various types of alarm systems such as for entering the
wrong password, unauthorized access and many more. It is an important component because if
alarm is not only installed in the system then it can be impossible to know about the
administrator that who tried to broke the security systems of the data access (Kiriyama, Shioya
and Tsumura, International Business Machines Corp, 2020).
Field panels
It is an another important component of access control system because it's roles and
responsibilities is to gather and collect all the parts of the system and integrate all of them to
form the proper structure and framework in a particular order so that working can be in a
systematic manner with an appropriate procedures. Parts includes the cards, readers,
applications, controller, lock, hardware and many more which is required in an access control
system.
Access control software
Access control systems consist the access control software which stores all the data and
information about the authorised or unauthorised user such as that how many times an
unauthorised user has tried to access the private data, how many times the authorised user
accessed the file and what modifications have been done at what time with the name of the
person. Therefore, it consist all the information about the data accession by the different types of
users in order to maintain the proper record for the same (Haggerty, Von Hauck, Mclaughlin and
Liu, Apple Inc, 2019).
Types of access control
Discretionary Access Control (DAC)
This type of access control system is the most flexible one because in this system, the
owner decides that whom to give access and whom not to. Most of the organization fix this as an
access control system because of it's flexibility. Owners have only the decision making power in
this, they can only decide about what security is to be installed and what not to be. But there is a
13

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

demerit as well of this system which is if one person has an authorization fully then they can give
access to the other people as well who is not listed in the authorization process. Therefore, it is
flexible and less secure as well.
Mandatory Access Control (MAC)
It is the most secure type of the access control system because it has less flexibility. Only
the owners and administration have the rights to access the data and if they want that data can
also be accessed by the other person among employees then they can also access but they don't
have any right to give the access permission to another person of their choice, moreover, owners
only can decide that who will only read the data, who can modify or who can delete, that is why
it is considered as the most secure type as granting permission of accessing the file is restricted
because settings is to be changed for each and every person which is considered as the strong
security option for an organization (Morrison and Roy, Honeywell International Inc, 2019).
Role-Based Access Control (RBAC)
It is a secure and easy type of an access control system in which permission of an each
and every individual is not compulsorily granted as it creates complications in restricting and
allowing that whom to allow what type of permission. Therefore, this type of access control
system operates in such a way that it did not make any single permission, it grants the permission
as per their roles and responsibilities or according to the different departments available in an
organization. For example, they do grouping such as finance people, marketing people, human
resource people and many more are having individual departments, Finance people will log in in
the finance department data and so on. It saves time and energy of the company.
Rule-Based Access Control
It is a strict type of an access control system which operates as per the rules, regulations,
policies and norms of an organization. Owners and administrators sets the system according to
the process and procedures of the company and every member is required to follow the same if
they need to access the data and information of their own function. For example, if time limit is
set that only last log out or log in can be at 5 PM or in office hours then user has to follow that in
any case otherwise strict action can be taken to break the ethics of the company and can be
considered as an unethical issue for an organization and for the person as well (Mizon, Inventio
AG, 2018).
Relationship between the cyber security and access control
14

There is a direct and positive relationship between cyber security and access control
because access control is a part of cyber security. If access control works properly then cyber
security can have more advantages in it's operation but if access control is not working properly
then cyber security can have disadvantage in it's operations in an organization. Moreover, there
are various applications in cyber security which supports access control feature of it. Access
control is one of the most effective and essential form of cyber security as it prevents the
unauthorized access to the private data or information in an organization. It also secures the
different types of entry systems used to access the data in an efficient manner. Thereby, access
control has proved the most potential kind of cyber security in term of the preventive measures
they have adopted and the proper management of it. Handling such measures of cyber security
depends on the quality of an organization that how they are actually implementing and executing
the access control systems in the company. Because it proves that how much secure their data is
so that their relationship can be justified by the outcome of smooth functioning of the company
in it's overall operations (Umbehocker, OS NEXUS Inc, 2018).
Importance and limitations of access control
Importance
Theft prevention
There are many thefts related to the cyber security and main thefts are associated with the
privacy of data and information which is majorly handled by the access control system in an
organization. People use or misuse the company's privacy in different ways which are considered
as different thefts such as leaking of data, misusing of data, loss in data and many more, so
therefore, it is necessary to prevent those thefts for betterment of the firm which is managed by
the access control systems.
Levels of security
There are different types of thefts which are performed by the hackers or viruses which
can lead to different types of results and losses for the company. Therefore, in order to tackle
with all such thefts associated with the security level, then it is essential to provided various
levels of security to the system to facilitate more comfortable working with the systems. Hence,
access control system provides such facilities of different levels of security to an organization for
smooth functioning of it's operations (Beigi, 2018).
Organizational Benefits
15

Access control systems provides various advantages or benefits to an organization to
secure it's private or confidential data and information. It facilitates the firm in it's each and every
department of the company such as in human resource, finance, marketing, production,
information technology, research and development and many more departments. Moreover, if
company organizes better training and development sessions for the employees about teaching of
cyber security and access control then it can gain more benefit because of easiness in securing
the systems by every individual in an organization from unexpected and unusual losses that can
occur in the company.
Limitation
Hacking
Access control system is a technical thing which can be get hacked by the hacker to
access the information. It highly needs tight security in order to safeguard the systems from
hacking because most of the hackers do not attack the normal system as they know they access
control system can protect them so they directly try to attack the access control systems so that
they can remove the protection from normal systems as well.
Technical Installation
Access control systems requires high configuration to install in an organization because
they contain huge prevention techniques in them which is needed to be installed in it otherwise
there will be no use of access control systems. Therefore, such heavy installations requires large
amount of time, energy and IT specialist to handle out such systems on a frequent basis for
maintenance and updates as well.
Cost ineffective
Access control systems highly needs cost and greater expenses to install such systems in
an organization because it consist features and advancements in such a way which generates cost
for the company that includes operating as well as maintenance cost. Moreover, to manage and
handle such systems, company requires highly skilled people in information technology which
demands good amount of salary which is an another expense for an organization. But it is
important to hire employees who can easily handle systems and security in the company in order
to safeguard the company's data and information to maintain it's productivity and stability in the
market (Chu, Zhang, Lou and Sun, Marvell World Trade Ltd, 2019).
16

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DISCUSSIONS
The following discussion is based on an organization Atlassian based in Australia in
terms of it's organizational overview, access control systems design, evidence and interpretation
are as follows:
Organization
Atlassian is one of the leading international software company based in Australia and
founded in 2002. It mainly deals with the products for developers of software and project
managers. It's revenue is approximately about 160 crores USD in recent year that is 2020. It is
headquartered in Sydney. It is founded by Mike Cannon Brookes and Scott Farquhar and they
are the board of directors as well of the company. It has various subsidiaries which includes
iFountain, Mindville AB, Agile Craft, Code Barrel, Status page and many more. They say that
every industry such as from medicine to space travel, food to clothing and many more,
company's products helps all such companies in technical terms by giving them the facilities of
the power of software they are providing to the firms in different ways by advancing them in
information technology. Many companies operates at large level thereby they can definitely have
the large amount of data and information so therefore, it supports firm in facilitating with the
security of it's private data by assisting them with the software projects and developments. They
themselves holds large amount of data of each and every client which is needed to be secured
and therefore, they have established the access control systems in their company in order to
safeguard the privacy and confidentiality of information by adopting different methods and
techniques of such systems. Therefore, to understand in detail, it's design and evidence is being
discussed that how they have implemented and executed such security systems in an
organization.
Design
It has started designing the access control systems from a very basic point such as
defining the budget because access control systems are of various types which gives different
levels of securities and their costs differs according to the features and requirements of an
organization. After defining the budgets, they have cooperated with the various other
departments which are involved in the company so that better discussions can be made in order
to install the access control systems as per their view points and budgets. Then they initiated
procurement in a very smart way. This is a basic structure that the Atlassian has followed,
17

designing of access control systems are performed such as they analyse all the benefits and
demerits of all types of systems and interprets that which can give most advantage to the
company, how it can be able to secure the organization's data, what forms of authentication are
required and how many of them can be needed in the company, kind of reader and lock they
must use to protect from the unauthorised user, type of connection and controller and finally
examining that what type of access control system can be used or what best fits or suits to the
organizational data or information protection and prevention from thefts. Before implementation
and execution of access control system, it is significant to plan the design and resources needed
to install systems so that if any difficulty arises at the time of execution can be tackled out in a
potential, effective and efficient manner.
Evidence
Atlassian has executed all it's designing planning in a very impressive way by following
each and every step of designing process of access control system. Process includes that first
they have hired the people who are specialist in cuber security and can maintain and handle the
access control systems. Secondly, they have installed the technology and configuration which is
required in the working of the systems and security purposes. Thirdly, they have featured and
implemented various categories of securities such as network security, application security,
information security, operational security, disaster recovery or business continuity, end-user
education and mobile security. Fourthly, they have configured different types of threats and
protection against those thefts are featured in the security systems. Fifthly, they start the
implementation of access control system by using access cards such as tags with unique
identification, card reader, controller and lock. Sixthly, they have set up the alarm system as well
in order to identify who has accessed the data. They have used the RBAC access control system
which stands for role based access control because the company is having the large and various
number of different departments so they have set the function based permissions of an individual
for fast working and in securable manner in the firm. Therefore, designing and evidence of
Atlassian is in both ways that is in theoretical and practical manner as well.
Interpretation
It is interpreted and justified that the Atlassian company is a software firm which
provides technical and security services to their clients on a large level. Along with providing the
security services to other brands and companies, they itself have established their own access
18

control system for their own organization. This is because they work on a very good level so they
will be having the data and information of it's all the clients either private or confidential,
therefore, in order to safeguard their information which is saved in their own systems requires
the access control system with high security benefits. Hence, they have designed and evidenced
such systems step by step so that they could be able to work on them in an appropriate or proper
way. Although they are facing some limitations of access control systems as well but they are
trying to resolving them out by coping up with the recovery solutions with the assistance of IT
specialist team and with the support of whole management team in an organization. Currently
they are working by operating such systems at a good level in order to enhance the performance
of the company and better operations in an organization with full safety and security.
CONCLUSION
It is concluded that cyber security is an essential part in every organization so as to
safeguard and protect large amount of private and confidential data and information to prevent
from various thefts and hackers who continuously finds a way to spoil the company's goodwill or
for any unethical purpose. Access control is one of the important method of cyber security
through which data can be protected from unauthorised user and only authorised user can access
the data as per the company's needs and requirements that whom they want to grant permission
and whom not to. Therefore, it is necessary to analyse the concept of cyber security, it is
essential to examine the categories of cyber security, it is significant to determine the types of
cyber security, it is important to observe the threats of cyber security, it is necessary to identify
the protection of cyber security, it is essential to study about the concept of access control, it is
significant to analyse the working of access control, it is important to interpret the components of
access control, it is necessary to gain knowledge about the types of access control, it is essential
to learn about the relationship between the cyber security and access control, it is significant to
know the importance and limitations of access control and finally the discussions on an
organization, it's design and evidence with proper interpretation and justification. Thereby, this
report covers all such areas in order to perform an appropriate research work on cyber security
and access control with an organizational example.
19

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

References:
Books and Journals
Al-Mhiqani, M.N., Ahmad, R., Yassin, W. and Abdulkareem, K.H., 2018. Cyber-security
incidents: a review cases in cyber-physical systems. Int. J. Adv. Comput. Sci. Appl. 9(1).
pp.499-508.
Apruzzese, G., Colajanni, M., Ferretti, L. and Marchetti, M., 2018, May. On the effectiveness of
machine and deep learning for cyber security. In 2018 10th international conference on
cyber Conflict (CyCon) (pp. 371-390). IEEE.
Beigi, H., 2018. Access control through multifactor authentication with multimodal biometrics.
U.S. Patent 10,042,993.
Berman, D.S., Buczak, A.L., Chavis, J.S. and Corbett, C.L., 2019. A survey of deep learning
methods for cyber security. Information. 10(4). p.122.
Bertin, E., Hussein, D., Sengul, C. and Frey, V., 2019. Access control in the Internet of Things: a
survey of existing approaches and open research questions. Annals of
Telecommunications. 74(7). pp.375-388.
Carley, K.M., Cervone, G., Agarwal, N. and Liu, H., 2018, July. Social cyber-security.
In International conference on social computing, behavioral-cultural modeling and
prediction and behavior representation in modeling and simulation (pp. 389-394).
Springer, Cham.
Chu, L., Zhang, H., Lou, H.L. and Sun, Y., Marvell World Trade Ltd, 2019. Medium access
control for multi-channel OFDM in a wireless local area network. U.S. Patent
10,257,806.
Cruz, J.P., Kaji, Y. and Yanai, N., 2018. RBAC-SC: Role-based access control using smart
contract. Ieee Access, 6, pp.12240-12251.
El Mrabet, Z., Kaabouch, N., El Ghazi, H. and El Ghazi, H., 2018. Cyber-security in smart grid:
Survey and challenges. Computers & Electrical Engineering, 67, pp.469-482.
Gunduz, M.Z. and Das, R., 2020. Cyber-security on smart grid: Threats and potential
solutions. Computer networks, 169, p.107094.
Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and
perspectives. CRC Press.
Haggerty, D.T., Von Hauck, J., Mclaughlin, K. and Liu, A., Apple Inc, 2019. Methods and
apparatus for providing management capabilities for access control clients. U.S. Patent
10,271,213.
He, W., Golla, M., Padhi, R. and Ur, B., 2018. Rethinking access control and authentication for
the home internet of things (iot). In 27th {USENIX} Security Symposium ({USENIX}
Security 18) (pp. 255-272).
Hildreth, E., Qualcomm Inc, 2018. Device access control. U.S. Patent 9,986,293.
Husák, M., Komárková, J., Bou-Harb, E. and Čeleda, P., 2018. Survey of attack projection,
prediction, and forecasting in cyber security. IEEE Communications Surveys &
Tutorials. 21(1). pp.640-660.
Kiriyama, H., Shioya, T. and Tsumura, T., International Business Machines Corp, 2020. Device
and method for determining content of access control of data. U.S. Patent 10,747,893.
Kure, H.I., Islam, S. and Razzaque, M.A., 2018. An integrated cyber security risk management
approach for a cyber-physical system. Applied Sciences. 8(6). p.898.
20

Levergood, T.M., Stewart, L.C., Morris and Treese, G.W., Soverain Ip LLC, 2018. Internet
server access control and monitoring systems. U.S. Patent 9,900,305.
Li, J., Chen, X., Chow, S.S. and Liu, Z., 2018. Multi-authority fine-grained access control with
accountability and its application in cloud. Journal of Network and Computer
Applications, 112, pp.89-96.
Li, L., He, W., Xu, L. and Yuan, X., 2019. Investigating the impact of cybersecurity policy
awareness on employees’ cybersecurity behavior. International Journal of Information
Management, 45, pp.13-24.
Lunardi, R.C., Michelin, R.A., Neu, C.V. and Zorzo, A.F., 2018, April. Distributed access
control on IoT ledger-based architecture. In NOMS 2018-2018 IEEE/IFIP Network
Operations and Management Symposium (pp. 1-7). IEEE.
Mizon, J., Inventio AG, 2018. Access control system. U.S. Patent 10,068,395.
Morrison, J.D. and Roy, S., Honeywell International Inc, 2019. Systems and methods for
enabling access control via mobile devices. U.S. Patent 10,395,452.
Nguyen, T.T. and Reddi, V.J., 2019. Deep reinforcement learning for cyber security. arXiv
preprint arXiv:1906.05799.
Paci, F., Squicciarini, A. and Zannone, N., 2018. Survey on access control for community-
centered collaborative systems. ACM Computing Surveys (CSUR). 51(1). pp.1-38.
Petrenko, S., 2018. Cyber security innovation for the digital economy. River Publishers.
Ravidas, S., Lekidis, A., Paci, F. and Zannone, N., 2019. Access control in Internet-of-Things: A
survey. Journal of Network and Computer Applications, 144, pp.79-101.
Schuster, R., Shmatikov, V. and Tromer, E., 2018, October. Situational access control in the
internet of things. In Proceedings of the 2018 ACM SIGSAC Conference on Computer
and Communications Security (pp. 1056-1073).
Sinnema, R., EMC Corp, 2018. Risk-adaptive access control of an application action based on
threat detection data. U.S. Patent 9,992,213.
Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security:
Framework, standards and recommendations. Future Generation Computer Systems, 92,
pp.178-188.
Sun, C.C., Hahn, A. and Liu, C.C., 2018. Cyber security of a power grid: State-of-the-
art. International Journal of Electrical Power & Energy Systems, 99, pp.45-56.
Umbehocker, S.M., OS NEXUS Inc, 2018. Role based access control utilizing scoped
permissions. U.S. Patent 9,953,178.
Verweyst, B., Cochran, M.J. and Sivathanu, M., Google LLC, 2019. Access control for
enterprise knowledge. U.S. Patent 10,326,768.
von Solms, B. and von Solms, R., 2018. Cybersecurity and information security–what goes
where?. Information & Computer Security.
Zhang, Y., Kasahara, S., Shen, Y. and Wan, J., 2018. Smart contract-based access control for the
internet of things. IEEE Internet of Things Journal. 6(2). pp.1594-1605.
21