...Running head: CASE STUDY 1 BUILDING AN ACCESS CONTROL SYSTEM 1 Building an Access Control System Case Study 1 Holly Dillon Professor Jennifer Merritt Systems Analysis and Development CIS/210 April 28th, 2014 BUILDING AN ACCESS CONTROL SYSTEM 2 Building an Access Control System Project Scope Description As a member of the Information Security Team at a small College, I have been made the Project Manager to install an Access Control System (ACS) in a dormitory. For this small College an ACS (Access Control System) needs to be implemented to unlock the dormitory doors, to record a person as they use their identification card to unlock the door. An electronic proximity reader is needed to integrated with the existing security camera system with the camera’s being able to face and rotate at the door. The tasks to put in place are simple and easy to follow along with guidelines for each step. Rosenblatt. (2012). The five major tasks with descriptive information that I am putting in place with a timeline for the project are as follows: Rosenblatt. (2012). Obtain Authorization To obtain documentation authorization you on the go ahead of the project, its planning, implementation, testing, and training of the system 1 Day Develop Plan Developing a project...
Words: 886 - Pages: 4
...Case Study 1: Building an Access Control System Building an Access Control System Marcelino P Figueroa Dr. Shah Strayer University, Woodbridge - VA This Project consist of a team of five specialists that will work together to successfully build an Access Control System for a College campus that has existing cameras. Pete will be leading the team of five on this project with that he will also be responsible of the projects progress, he will be in constant follow up with the senior management to deliver real time project completions and analyzing every task throughout the way. The first task is to Order all that is need to build the access control system. Pete assigned Chris, Kevin, Tonia, and Rich to review the industry leading ACS (Access Control Systems) methods in order to better fulfill the college campus’s security needs, they have two days to complete the task. Tonia has been assigned to select the components within four hours once complete she has to select the materials which needs to be complete within four hours. Chris is responsible on ordering the selected components and materials within two hours, while the ordering task is under-way, Jerry posted the maintenance signs all around the college campus to create awareness of the work that’s in the process. Once the components and materials are received in its entirety Chris, Kevin, Jerry, and Rich will team up to build and install the access control system. Once the installing task is complete,...
Words: 369 - Pages: 2
...Project Scope This project scope is to install Access Control System (ACS) in the college dormitory. To identify the project’s goals, objectives, deliverables, tasks, costs, deadlines, expected leading staffing and none-staffing resources needed (Bidgoli, 2014). For a project this size, the company is limited to using current staff to complete the project. The size of the dormitory is five doors entering and exiting the building. The building has five moving cameras installed located at each doorway. The project is set for thirty days completion timetable. The current system analyst will be the project manager, and his responsibilities are as follows: • Project planning – identifying the project task estimating the completion time and cost of the project. • Project Scheduling – Creating a timetable for specific tasks. • Project monitoring – Guiding, supervising, and coordination the team's workload, and making decisions based on the team's workload and taking action to make corrections to keep the project on track. • Project reporting – This includes updates from his management, about current users and project team members on attitude and the overall effort of the team. (Rosenblatt J.H., 2014) A successful project will be completed on time, within budget and deliver a quality product that meets all requirements that were requested. A listing of the primary task and subtask are as follows: • Obtain equipment 1. Request bids from different vendors. 2. Evaluate...
Words: 326 - Pages: 2
...Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Case Study: Critical Controls that Could Have Prevented Target Breach In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. AD Copyright SANS Institute Author Retains Full Rights Case Study: Critical Controls that Could Have Prevented Target Breach GIAC (GSEC) Gold Certification Author: Teri Radichel, teri@radicalsoftware.com Advisor: Stephen Northcutt Accepted: August 5th 2014 Abstract In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. This paper will explore known issues in the Target breach and consider some of the Critical Controls that could have been used to both prevent this breach and mitigate losses. From what is known about the Target breach, there were multiple factors that led to data loss: vendors were subject to phishing attacks, network segregation was lacking, point of sale systems were vulnerable to memory scraping malware and detection strategies employed by Target failed. A possible solution for preventing and mitigating similar breaches...
Words: 8983 - Pages: 36
...Assignment: Improving Security through Layered Security Control Learning Objectives and Outcomes * Analyze the given case study to evaluate how information technology (IT) security can be improved through layered security control. Assignment Requirements Read the text sheet named “Global Access Control Case Study” and prepare a report capturing the following points: * Synopsis of the given case problem * Analysis of the strengths and weaknesses of the steps taken by the organization * Assessment of access control/IT domains given in the business problem for data confidentiality, integrity, and availability * Evaluation of how layered security proved to be a positive solution in the given problem, including the impacts of layered security In addition, your report must also include answers to the following questions: * What is the significance of compliance and financial reporting from an insecure system? * What influence did the risk management process have in Global fulfilling its goals? * What is the significance of remote external access into the Global network? * What are the other tools comparable to the ones used by Global to solve their internal problems? Required Resources * Text sheet: Global Access Control Case Study (ts_globalcasestudy) Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: APA * Length: 1–2 pages Self-Assessment Checklist ...
Words: 1445 - Pages: 6
...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...
Words: 1428 - Pages: 6
...initiated with group 5 members. The plan has considered the Sunnylake hackers who have caused an access denied on EMRs so the DRP that is going to be implemented and will include management procedures and technology procedures to insure an on-time recovery. So the crisis being faced is hacked EMRs so doctors and nurses are at risk of medication errors and drug interactions, what was the most efficient method has becomes less reliable. Moverover if the recovery time takes longer there is little hope of reverting to EMRs. Some patients are receiving the wrong prescription due to a poor adjustment to the tedious and robust situation. Infrastructure (replace): Attempts for system restore, contemplating to pay ransom demanded by extortionist. Use of paper records as means of keeping patient and medication records and patients’ confidential information and doing filing as alternative means of record keeping. Whilst the hospital workstations being the major points of data entry. People (retain): The proactive participants and their role at Sunnylake; George Knudsen - (Chief of staff), Lisa Mankins - (Sunnylakes head legal counsel), Jacob - (IT personnel), Paul-(IT Director); Doctors, Nurses; Hackers; Patients, Chief executives and boards. Richard L. Nolan a coauthor of Adventures of an IT Leader and holds the M.Condit Chair at the University of Washington-( Commenter of case study). Peter R. Stephenson Chairman of the department of computing and the chief information...
Words: 933 - Pages: 4
...information systems have pervaded deep and wide in every modern day organization. An organization must exercise control over these computer based information systems because the cost of errors and irregularities that may arise in these systems can be high and can even challenge the very existence of the organization. An organizations ability to survive can be severely undermined through corruption or destruction of its database; decision making errors caused by poor-quality information systems; losses incurred through computer abuses; loss of computer assets and their control on how the computers are used within the organization. Therefore managements across the world have deployed specialized auditors to audit their information systems to find out gaps between declared policies and actual use and shortcomings in the information system design and usage. Information Systems Audit is the process of collecting and evaluating evidence to determine whether a computer system has been designed to maintain data integrity, safeguard assets, allows organizational goals to be achieved effectively and uses the resources efficiently. The IS Auditor should see that not only adequate internal controls exist in the system but they also wok effectively to ensure results and achieve objectives. Internal controls should be commensurate with the risk assessed so as to reduce the impact of identified risks to acceptable levels. IT Auditors need to evaluate the adequacy of internal controls in computer...
Words: 6839 - Pages: 28
... | | |Accounting Information Systems | Copyright © 2009, 2007 by University of Phoenix. All rights reserved. Course Description In this course, students examine the fundamentals of accounting systems design. Topics include business information systems, business processes and data flows, database concepts and tools, internal control and risks, auditing the information system, and using the information system to perform audit functions. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must be logged into the student website to view this document. • Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Bagranoff, N. A., Simkin, M. G., & Strand Norman, C. (2008). Core concepts of accounting information systems (10th ed.). New York, NY: Wiley. Hunton, J. E., Bryant, S. M., & Bagranoff, N. A. (2004). Core concepts of information...
Words: 2534 - Pages: 11
...Case Study 2: Cloud Computing CIS500: Information Systems Decision-Making 2012, December 2 How did Ericsson benefit from Amazon Web Services (AWS)? According to Amazon’s Web Service website, it gives users the option to run just about everything using their service applications. By incorporating cloud computing, users are able to cut variable costs to a more attractive scale for the business by eliminating costly administrative and hardware fees. Due to remote access, Ericsson was able to immediately take advantage of AWS’s benefits since the infrastructure was already up and running. Demands change quickly and it’s important for a company to be able to adjust accordingly. By using the cloud system, Ericsson was able to employ software updates and new applications quickly and more effectively. AWS services hundreds of thousands of customers in more than 190 countries, making their global infrastructure far more expansive than competitors; this allowed Ericsson to have data centers in various parts of the world. According to information provided in the case study, Ericsson chose AWS because they felt it was “the most integrated public cloud provider in the Rightscale Cloud Management Platform (Rightscale)”. Amazon EC2, Amazon S3, and RightScale Amazon EC2 The AWS website describes Amazon Elastic Compute Cloud (Amazon EC2) as a web service that provides resizable compute capacity in the cloud, making web-scale computing easier for developers. It also allows you to...
Words: 1122 - Pages: 5
...Systems Design What is a System? Give examples. A set of components working together for a common objective Information Systems (Web-based) H/w, S/W, people, Data, Procedures, Web-portals What is SDLC? Systems Planning, Systems analysis, systems design, systems development, implementation, maintenance IS alignment IS Success IS usage User satisfaction Information waste IS enabled Competitive advantage Orgl change Orgl learning TAM Easy to use Perceived personal usefulness Web-based Information System Banner – Assess the levels of Flexibility Stakeholders What is Systems Design? Input design Output Design Interface design Database Technology – Network architecture, Communications Technology Flexible Systems Design for Web-based IS? Examples: Banner, Amazon.com, Dell.com – Identify the systems design elements Flexible Systems Design for Web based Information Systems (Research) BOM changes affect MRP In the Banner system, what are the changes that could occur? How do we respond to these changes? Interviews them Users – Students, Registrar (Shannon), Dean, etc. Designers / Planners – Gary Administration - Explore the dimensions – Extent, Options, cost, easy, Range, etc. Gain more insight by getting more examples. • Application architecture Design • Interface design (User/ System) • Database • Network • Prototype • Systems controls Case...
Words: 1598 - Pages: 7
...ACC203 ACCOUNTING INFORMATION SYSTEMS T0214 Section 1: General Information 1.1 Administrative details: |Associated HE Award(s) |Duration |Level |Subject Coordinator | | B Bus (Accg); B Bus (Mgt & Finance) |1 trimester |Level 2 | Richard Chang | | | | |richard@koi.edu.au | 1.2 Core / elective: This is a core subject for B Bus (Accg) and an elective subject for B Bus (Mgt & Fin) 1.3 Subject/unit weighting: Indicated below is the weighting of this subject/unit and the total course points. |Subject Credit Points |Total Course Credit Points | | 4 |BBus(Accg) 96; BBus (Mgt & Finance) 96 | 1.4 Student workload: Indicated below is the expected student workload per week for this subject/unit: |No. timetabled hours/week* |No. personal study hours/week** |Total workload hours/week*** | |4 hours/week |5 hours/week |9 hours/week | |2 hour Lecture + 2 hour Tutorial...
Words: 3902 - Pages: 16
...Unit 5 IP – Challenges and Security Issues American InterContinental University Abstract In this assignment, review of three different case studies will be discussed. Topics will include when an antivirus software cripples your computer, determining how secure cloud computing is, and electronic medical records systems. After the review of each case study, a set of questions will be answered to provide details on each study as to what was reviewed. Challenges and Security Issues (Case Studies) Introduction In this assignment, review of three different case studies will be discussed. Topics will include when an antivirus software cripples your computer, determining how secure cloud computing is, and electronic medical records systems. Case Study #1 When Antivirus Software Cripples Your Computers On April 21, 2010, McAfee crippled hundreds of thousands of McAfee equipped machines, by mistakenly sending an update to its users reclassifying svchost.exe as being a malicious file which was known as W32/wecorl.a virus (Humphries, 2010, para 1-2). The factors that were responsible for this software problem was that McAfee failed to send users a warning notifying them that svchost.exe was going to be either deleted or quarantined; instead they deleted the file completely. On the other hand, failure to detect this error was at the fault of McAfee’s automated quality assurance. Another reason this spread so quickly is because of the high demand for faster antivirus updates....
Words: 1227 - Pages: 5
...requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Imran Ashraf Address: c/o Gulfam Abbas, Älgbacken 4 LGH 081, 37234 Ronneby, Sweden E-mail: im_qamar@yahoo.com Phone: +46 700746734 Amir Shahzed Khokhar Address: c/o Gulfam Abbas, Älgbacken 4 LGH 081, 37234 Ronneby, Sweden E-mail: amir_ask@yahoo.com Phone: +46 760811926 University advisor(s): Professor Lars Lundbarg School of Computing Blekinge Institute of Technology, Sweden External advisor(s): Magnus Vigerlöf Ericsson AB Address: Ölandsgatan 1, 371 23 Karlskrona Phone: +46 10 7140404 School of Computing Blekinge Institute of Technology Box 520 SE – 372 25 Ronneby Sweden Internet Phone Fax : www.bth.se/com : +46 457 38 50 00 : + 46 457 102 45 2 Abstract Centralized databases are becoming bottleneck for organizations that are physically distributed and access data remotely. Data management is easy in centralized databases. However, it carries high communication cost and most importantly high response time. The concept of distributing the data over various locations is very attractive for such organizations. In such cases the database is fragmented into fragments and distributed to the locations where it is needed. This kind of distribution provides local control of data and the data access is also very fast in such databases....
Words: 17534 - Pages: 71
...Trading & Risk System London: +44 20 7632 0170 Moscow: +7 495 925 7245 Singapore: +65 6738 6525 New York: +1 212 904 0740 Kuala Lumpur: +603 2776 6805 moreinfo@aspectenterprise.com 10 Things You Should Know Before Buying An Energy Trading & Risk System -- Table of Contents -- Part I: The 10 Key Points To Consider Before Buying An ETRM System......................Pages 1-5 1. Hardware Vs. So ware-as-a-Service (SaaS) 2. Speed Of Implementa on 3. Integra on 4. Customiza on 5. Affordability 6. Access 7. Security 8. Protec on Against Loss 9. Project Management 10. Scalability Part 2: A Problem-Solving Approach By Leading Companies ...................................Pages 6-11 Read About Four Very Different Companies & Their Success In Approaching & Implemen ng An Energy Trading & Risk System. Case Study 1: Singapore, Trading Company With Bunkering Opera ons (Company Confiden al) ....................................Page 7 Case Study 2: Germany, Trading Company With Bunkering Opera ons (Company Confiden al)...................................Page 7-8 Case Study 3: Africa, Regional Trading Company: Linetrale ............................................................................................Page 8-9 Case Study 4: Russia, Large Integrated Oil & Gas Company: TNK-BP.........................................................................Pages 10-11 The Costs Of Failing To Manage & Control Risks Are High. The Right ETRM System Is Essential. ...
Words: 5620 - Pages: 23