2-11 Assess Authentication, Authorization, and Access Control (Fri Ezinjo) (1)

School

Prince George's Community College, Largo

Course

610

Subject

Computer Science

Date

May 4, 2024

Uploaded by blingtyra on coursehero.com

Step 11 - Assess Authentication, Authorization, and Access Control

Victory Smith

UMGC

CMP 610

Professor Ferrer

What Various Industries Are Doing to Face Their Cybersecurity Needs

Introduction

Cyber security has become important for most organizations owing to the dangers that an organization faces when its cyber security is compromised. These dangers lead most organizations to put in place measures to control access to sensitive data. Additionally, there need to be policies that establish formal guidelines so that cybersecurity issues are dealt with productively (Arogundade, 2023). The following paper will examine the best practices used to address cyber security, offer insights into the examples of authentication, authorization, and access control seen in experience, examine what worked well at my assigned organization and what could be improved, and explain the role of policy in defining and implementing authorization schemes.

The Best Practices Used to Address Cyber Security

One of the best practices used to address cyber security needs in an organization is the development and implementation of a robust cyber security policy. A cybersecurity policy offers guidelines that put workers and IT specialists on the same page when it comes to the essential measures needed to address company-wide cybersecurity needs. Notably, the implementation of a hierarchical cybersecurity policy has become the best practice for most organizations in different industries. Such an approach allows for a centralized policy supplemented by additional policies designed specifically to address the particular needs of each department (Arogundade, 2023).

The other best practice evidenced in different industries to meet cyber security needs is the securing of perimeter and IoT connections. Most organizations in different industries are moving beyond firewalls and DMZs as the means of securing connections and are adopting more advanced forms of securing perimeter and IoT connections (Javaid, Haleem, Singh, & Suman, 2023).
Since many gadgets such as doorbells, security cameras, heating systems, office equipment, and smart door locks are currently connected to the internet, the attack surface of cyber security platforms for an organization increases. The increased attack surface warrants deploying sophisticated secure border routers, enhancing enterprise database security, and putting in place screened subnets to protect perimeters and IoT connections (Catal, Ozcan, Donmez, & Kasif, 2023). Notably, most organizations are combining the use of firewalls and VPNs with the zero-trust model as the best practice to secure their cyber security space (Javaid et al., 2023).

Not only are organizations using a combination of firewalls, VPNs, and the zero-trust model, but cyber security protection measures are also integrated with a people-centric security approach to bring down the chances of human-connected risks, as people in this model are an important perimeter in cyberspace (Catal et al., 2023). Research has proven that compromising cyber security is usually more effective when people are used as entry points for an attack, hence the adoption of a people-centric security approach to secure the IT environment. Evidence from recent cyber-attacks indicates that when employees have many default privileges to access sensitive data, the chances of an insider breach are high. Many default privileges to access sensitive data also make it easy for a hacker to enter a system when they get hold of an employee's account (Javaid et al., 2023). All these threats are currently being addressed by the best practice of balancing privileges with users' needs using the zero-trust model, implementing the principle of least privilege, and adopting a just-in-time approach to handling sensitive data in organizations (Catal et al., 2023). The above measures to control access to sensitive data also apply to monitoring the activity of privileged and third-party users by limiting their access to critical data.

Another best practice being implemented in different industries to address cyber security needs is the wise management of passwords using additional measures such as using different passwords for different accounts, separating personal accounts and business accounts, using password generators and managers to create lengthy passwords, and barring the sharing of passwords (Catal et al., 2023).
Password use is currently being combined with biometric authentication for fast and safe access in addition to precise employee identification. The use of these practices together is referred to as multi-factor authentication, as it adds an extra layer to accessing sensitive data and protecting a company's cyber security space.

Enhancing data protection and management is also a best practice adopted in different industries, and it entails using standard encryption, erasure, masking, and resilience measures in a company's cyberspace (Catal et al., 2023). Other measures that are used in data protection and management are conducting regular cybersecurity audits and improving the management of