Learning Objectives

1. Demonstrate knowledge of access control concepts like levels of access control permission, control types and control objectives related to risks, challenges of identity and access management.
2. Analyze the given scenario.
3. Apply the knowledge in a scenario.

Instruction

XYZ Network Solutions provides network services and value-add communications to customers in several countries in Europe and North America.

The corporate headquarters is in Miami Florida with offices in Chicago, London, UK and Frankfurt, Germany. The company has a sales division with eight employees led by Andre Wisser, human resources with three employees led by Jane Aubin, Technical and Communications with 45 employees led by Peter ODay. Finance is led by Andrea Worth but most of the Payroll and Finance functions have been outsourced to a SaaS Cloud Provider.

During peer review it would be important to ensure that the answers provided are thorough and address the wide range of issues associated with access control.

1- Project Title *

2- What tool can be used to map out all the roles and responsibilities that will be needed to set up an access control model?

3- List all forms of access controls that would be needed (note more than just data protection)?

4- Develop an access control model for XYZ Network Solutions. What types of access controls would you recommend (Rules? Roles? Biometrics, etc.)

5- What is the advantage of using a single sign on solution?

6- Would you recommend the use of biometrics what are the advantages and disadvantages of using biometrics?

7- Develop a policy and procedure for managing identities throughout the identity lifecycle.?

8- What form of trust would be appropriate between the head office and branch offices?

9- Where would XYZ Network Solutions deploy device or node authentication?

10- Should XYZ Network Solutions use strong authentication? Why?

11- Where would attribute based access control be used?