Cis 560 dB 2
“Access Control”
All aspects of a business are vital, though some have more impact on the bottom line. Permissions and access control are given based on what users need and not on what they want. This is called the policy of least privilege. Based on this week’s reading, answer the following question:
- Mistakes happen, even when creating users. In your opinion, if a user is given more access than they need and use it to traverse to sections of the network that are not part of their job responsibilities, who is liable if trade information is stolen? Justify your answer. Outline the steps you would take to ensure proper access control is being maintained and users have the correct rights. Using the Internet, look for an article on a recent breach in access control. Summarize the article, the event, and the issue that created the breach. What steps would you have taken in a similar situation?
Additional post option: How often should access controls be audited?