The account creation policy is quite inevitable for organizations. It therefore becomes necessary for organizations to act on the three unauthorized user accounts (Jorgensen, 2014). Currently, there is no adequate defense system for verifying accounts and elevating any necessary privileges, and hence modifications to the policy are necessary to prevent breaches. The Information Department will be responsible for approving any new account. It is also compulsory to submit all requests to the IT Department using a written and signed request form, so that the staff in the department can review the request and approve or deny it. If it is approved, the appropriate permissions are then assigned. After the user account has been created, a multifactor authentication token is given to the user to allow them to access the network. The role of the supervisor will also be made clear with regard to accessing the account. After the request has been accepted, it is the responsibility of the administrator to ensure that the request is in line with the accorded standards. It is important to note that a quarterly audit will take place for all existing user accounts to ensure that they are operating adequately (Jorgensen, 2014). Also, a portal will be created for the purpose of maintaining the users who access the account. The role of the supervisor in this case will be to validate the users, or his subjects, by corroborating their statuses. It is important to note that accounts that are inactive for approximately ninety days shall undergo suspension.
Account Creation Policy - Justification
The ideology behind the justification of the policy is to bring about adequate measures when it comes to proper access control. The information and technology department is associating with the principle of segregation of duties (Jorgensen, 2014). The work is to be divided between the supervisor and the administrator to ensure that the access process is adequate for the users. One of the security principles of Special Publication 800-14 that can be applied in the process is the provision of a fervent description of the factors to be included in a policy regarding computer security. Another principle is the description of what should be executed in order to advance the current security system, in addition to methods by which new practices can be incorporated into the system (Jorgensen, 2014). The account creation policy is as per the Generally Accepted Principles and Practices for Securing Information Technology Systems of the NIST Special Publication 800-14.
Intrusion Detection and Prevention Policy
An intrusion prevention system, a network behavior and anomaly detection system, antivirus software and firewalls shall be included in the systems. Furthermore, when it comes to the security measures, monitoring and auditing of unauthorized access log-ins to the systems shall be done by the information security system. Any unauthorized access will be reported and dealt with appropriately, especially when there are supposed dangers or threats to the system. Also, measures will be put in place to handle the threats before they cause any damage.
The heart-healthy system is one of the adequate systems when it comes to dealing with intrusion cases (Moskowitz, Hicks, & Burchill, 2013). The system's focus is on detecting any interruption in addition to preventing any form of intrusion (Bason, 2015). The heart-healthy system is multi-layered in its security design for the purposes of detecting, preventing and monitoring any form of intrusion. The office in charge of the heart-healthy information system will be responsible for developing guidelines for detecting and preventing any intrusion, and also for developing asset procedures that are important for the agency.
When it comes to personnel management, the personnel shall undergo an adequate selection process and be trained to take charge, make interpretations, maintain the systems and prevent any form of intrusion. The idea is to give everyone the responsibility of ensuring that the system is as per its designated operations (Bason, 2015). The systems for preventing intrusion shall have adequate measures put in place to respond to any threat. Furthermore, the focus of the controls will be on meeting the goals
Intrusion Detection and Prevention Policy Justification
The intrusion detection and prevention policy has been structured in such a way that confidentiality, veracity and access to data are maintained in the heart-healthy systems. This is to ensure that the network is secure when it comes to threats (Moskowitz, Hicks, & Burchill, 2013). The detection allows provision of feedback with regard to the effectiveness of the entire security system. Also, the intrusion detection systems have the ability to respond quickly when an unauthorized access occurs or when an attacker is able to access the systems, as per the rules put in place by the network administrator. This is also in line with the principles put in place by Special Publication 800-94 (Moskowitz, Hicks, & Burchill, 2013).
Remote Access Policy
The remote access policy is adequate when it comes to preventing any breach. It is, therefore, very important to strictly control secure remote access through the use of unique user credentials and authentication by the use of a VPN account. Using the same procedure that was applied in creating the new user accounts, the supervisor and administrator will have to grant access to the VPN users. When a user receives approval, he or she will then be able to access the network. Furthermore, a multifactor confirmation will be created through an available hardware device that is different from the access of computers. Also, each person will be expected to comply with the policies of the organization.
Remote Access Policy - Justification
When a user wants to gain access to the resources of the company and is outside the network, he or she will need approvals from the supervisor and the administrator. This is to prevent any risk from interfering with the company's systems, and hence the relevance of the remote access policy (Panek, 2015). In order to align with the privacy rule, remote access will have to be re-evaluated frequently to ensure that only authorized people or users access the systems. Furthermore, the use of multifactor verification will prevent any breaches or access by attackers (Panek, 2015).
Bason, C. (2015). Design for policy. New York: Wiley.
Jorgensen, A. (2014). Professional Microsoft SQL Server 2014 Administration. New York: Routledge.
Moskowitz, J., Hicks, J., & Burchill, A. (2013). Group policy. Indianapolis, Ind.: John Wiley & Sons.
Panek, W. (2015). MCSA Windows Server 2012 R2. New York: Wiley.
Cite this page
Account Creation Policy. (2019, Oct 16). Retrieved from https://speedypaper.com/essays/account-creation-policy