Free Essay

Permissions Oversight and Overview

In:

Submitted By chiefkmo
Words 1020
Pages 5
Permissions Oversight and Overview
Kelly O’Neil
CIS332
Strayer University
Professor Russell Wilson
November 2, 2014

I have been contracted to explain the importance of setting resource permissions on the network of a medium sized company in the local area. Prior to beginning the preparation of the presentation I was approached by a senior company official and informed that an employee recently stole data from the company. The senior official also explained that the company does not have permissions or resource segregation set up on the network. Further, there are numerous file servers in the network that have full control permissions set for the “everyone” group. First and foremost it is imperative that everyone know and understand the importance of setting permissions on data contained on the company network. These permissions extend from computers and hard drives down to individual files. Each and every user on the network must be assigned specific permissions that pertain to their job. In order to safeguard sensitive data, it is necessary to ensure only those employees with a “need to know” will have access to certain data to perform their job. If an employee’s job is primarily data input, they will not need to access data pertaining to a customer’s personal information. By creating groups of users in the network it is possible to simply and easily control the access to certain information on the network. There are just a few basic user groups that are used on a network. The groups are set up and controlled by the network administrators. (Admins) The groups are Administrators; they have the highest level of access on the network. They are responsible for the safe and efficient operation of the entire network, as well as the set up and maintenance of the network. They evaluate all employees and assign them their level of access and assign them to the appropriate group of users. The Admins level of access is full control. They can make changes to the access level of anyone on the network. In order to ensure the accuracy of the control groups the Admins must have a breakdown of the employees and what their job description is. Based on this information the Admins will assign people to the group that has the level of permission needed to perform their job. By ensuring all employees only have the access level required to do their job you have minimized the risks associated with data theft or the chance that an important file or piece of data might be inadvertently changed or deleted. By setting these permissions and restrictions you minimize the risk of either one of these happening. It is important for users to understand that permissions and share restrictions are not in place to keep them from doing their job, they are there to protect data and the network. If a user finds that they cannot access a certain file or folder to do their jobs then all they have to do is contact one of the administrators. The administrator will verify that they do indeed require access to the specified information and they will then add them to the user group so they can get the data they need. In order to set up the system with the required permissions it will be necessary to have all user information. Once all users are identified and their level of access needed has been determined, I will create specified user groups on the network. Each group will be assigned a specific access level based on the users in the group. For instance the training department will have access to all employees training folder. This will be necessary so they can track the training the employee has completed and what training is coming due. In order to emphasize the importance of permissions and segregation I will point out recent examples of major companies that have been victims of data theft or hackers. I will explain how important it is to limit a user’s access to information that they do not need to see.
I will further explain that by having a small group of administrators coordinating all user accounts on the network it will increase the overall efficiency of the network by minimizing users trying to access the same information at the same time. Users will only have to access their information which will be in a specified location to minimize time wasted searching for data.
The use of NTFS permissions is much more secure than standard share permissions. NTFS permissions are set on files and folders on the local users as well as all users on the network. NTFS permissions are set to individual users and are set when a user logs on to the network, regardless of where a user logs on from. (Ntfs.com, 2014) This is a valuable protection especially when you have users that log on from remote sites, company laptops on the road, or from their personal devices. Their profile always follows them.
NTFS permissions are better to use for a few reasons, security is better because it is possible to use permissions and encryption together to restrict access to specific files for certain users. (windows.microsoft.com, 2014) NTFS permissions are network based and will stay with the user from whichever computer they use. NTFS permissions will default to the most restrictive permission if a file has several permissions. (Kaam, 2013) This can happen if a user copies a file and the file retains its inherited permissions.

Reference Melber, D. (2006). Understanding Windows NTFS Permissions. [Online] WindowSecurity.com. Available at: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Windows-NTFS-Permissions.html [Accessed 2 Nov. 2014].

Ntfs.com, (2014). NTFS Permissions. [Online] Available at: http://www.ntfs.com/ntfs-permissions.htm [Accessed 3 Nov. 2014].

Bibliography: Kaam, B. (2013). A little something about Share vs NTFS permissions. [Online] Basvankaam.com. Available at: http://www.basvankaam.com/2013/06/15/share-vs-ntfs-permissions/ [Accessed 3 Nov. 2014].

windows.microsoft.com, (2014). Comparing NTFS and FAT32 file systems. [Online] Available at: http://windows.microsoft.com/en-US/windows7/Comparing-NTFS-and-FAT32-file-systems

Similar Documents

Premium Essay

Coso

... Copyright © 2004 by the Committee of Sponsoring Organizations of the Treadway Commission. All rights reserved. You are hereby authorized to download and distribute unlimited copies of this Executive Summary PDF document, for internal use by you and your firm. You may not remove any copyright or trademark notices, such as the ©, TM, or ® symbols, from the downloaded copy. For any form of commercial exploitation distribution, you must request copyright permission as follows: The current procedure for requesting AICPA permission is to first display our Website homepage on the Internet at www.aicpa.org, then click on the "privacy policies and copyright information" hyperlink at the bottom of the page. Next, click on the resulting copyright menu link to COPYRIGHT PERMISSION REQUEST FORM, fill in all relevant sections of the form online, and click on the SUBMIT button at the bottom of the page. A permission fee will be charged for th e requested reproduction privileges. Committee of Sponsoring Organizations of the Treadway Commission (COSO) Oversight COSO Chair American Accounting Association American Institute of Certified Public Accountants Financial Executives International Institute of Management Accountants The Institute of Internal Auditors Representative John J. Flaherty Larry E. Rittenberg Alan W. Anderson John P. Jessup Nicholas S. Cyprus Frank C. Minter Dennis L. Neider William G. Bishop, III David A. Richards Project Advisory Council to COSO Guidance Tony Maki, Chair Partner Moss...

Words: 3205 - Pages: 13

Premium Essay

Coso

...© 2004 by the Committee of Sponsoring Organizations of the Treadway Commission. All rights reserved. You are hereby authorized to download and distribute unlimited copies of this Executive Summary PDF document, for internal use by you and your firm. You may not remove any copyright or trademark notices, such as the ©, TM, or ® symbols, from the downloaded copy. For any form of commercial exploitation distribution, you must request copyright permission as follows: The current procedure for requesting AICPA permission is to first display our Website homepage on the Internet at www.aicpa.org, then click on the "privacy policies and copyright information" hyperlink at the bottom of the page. Next, click on the resulting copyright menu link to COPYRIGHT PERMISSION REQUEST FORM, fill in all relevant sections of the form online, and click on the SUBMIT button at the bottom of the page. A permission fee will be charged for th e requested reproduction privileges. Committee of Sponsoring Organizations of the Treadway Commission (COSO) Oversight COSO Chair American Accounting Association American Institute of Certified Public Accountants Financial Executives International Institute of Management Accountants The Institute of Internal Auditors Representative John J. Flaherty Larry E. Rittenberg Alan W. Anderson John P. Jessup Nicholas S. Cyprus Frank C. Minter Dennis L. Neider William G. Bishop, III David A. Richards Project Advisory Council to COSO Guidance Tony Maki, Chair Partner...

Words: 3205 - Pages: 13

Premium Essay

A Day in the Life of an Enterprise Architect

...DMV Case Study Purpose of this Assignment (The information below is excerpted from the Virginia Department of Motor Vehicles’ RFP 154:7-061, DMV CSI Systems Redesign Project, available from under Content>Course Resources>DMV_CSI_RFP_083107_Final_Release. Corresponding page numbers from the RFP are given in parentheses at the end of each lettered section heading.) A. DMV Organizational Overview (p. 2) The Department of Motor Vehicles (DMV) is a governmental agency in the Executive Branch of Virginia state government. Under the direction of the Secretary of Transportation, DMV administers motor vehicle and tax related laws for the continued benefit of all citizens of the Commonwealth of Virginia. Specifically, DMV administers motor vehicle titling and licensing laws, driver’s licensing laws, transportation safety laws, tax laws, and other motor vehiclerelated laws and regulations as directed by the Code of Virginia and Federal laws, as amended. DMV employs nearly 2000 full and part-time employees to meet its daily mission of providing transportation services to customers in Virginia. These employees provide services via one centralized administrative Headquarters located in Richmond, Virginia as well as 74 Customer Service Centers (CSC’s) and 13 Motor Carrier Service Centers/Weigh Stations (MCSC’s) dispersed throughout the state. In addition, some services are provided at more than 40 DMV Select offices located throughout the state. DMV Selects are a service alternative...

Words: 2630 - Pages: 11

Premium Essay

Acct323

...practice, professional ethics and using technology in auditing. Catalog Description Prerequisites: Sophomore standing; minimum grade of "C-" in ACCT 311. Topics include: audit and other reports, statistical sampling in auditing, attestation standards, reporting on future-oriented information, accountant's legal liability, Securities & Exchange Commission practice, professional ethics and using technology in auditing. Course Overview Students will become familiar with issues under the AICPA Code of Professional Conduct, pronouncements of the Public Companies Accounting Oversight Board, the Sarbanes Oxley Act, federal securities laws, and cases relating to CPA malpractice. Students will have a thorough professional knowledge of CPA reports on financial statements and special reports. Students will also learn how to apply statistical sampling and technology in auditing. Course Overview Students will become familiar with issues under the AICPA Code of Professional Conduct, pronouncements of the Public Companies Accounting Oversight Board, the Sarbanes Oxley Act, federal securities laws, and cases relating to CPA malpractice. Students will have a thorough professional knowledge of CPA reports on financial statements and special reports. Students will also learn how to apply statistical sampling and technology in auditing. Course Objectives and Learning Outcomes * Learn how to prepare auditor’s reports on financial statements in various situations including scope...

Words: 2718 - Pages: 11

Premium Essay

Business and Management

...Building an Ethical Organization Human service organizations are meant to provide quality assistance when assisting individuals in need. One way to assure that this is so, is be making sure that one understands the many aspect of what ethics truly mean. When considering what an ethical organization stands for, one should always implement these six elements, such as: mission statement, values statement, code of ethics, organizational culture, leadership, and oversight. When building an ethical organization, this simply means that one needs to understand what it truly mean to be efficient, effective, productive, professional, and compassionate human service worker. What one has found while taking this course is that there are many human service organizations/agencies that are in this field only for the financial aspect. Creating an ethical organization begins with hiring ethical people. “Once employed, those individuals must step up to the moral challenge and fulfill the ethical responsibilities they have,’ (McCurdy, 1998) One’s staff should “bear the responsibility for the ethical nature of their organization; it will not do the claim that the organization can somehow “lead individuals to do good or evil or that the organization can be guilty of unethical behavior, apart from identifiable individuals who lead it and staff it” (McCurdy, 1998) Even though this is so, individuals have an indisputable moral responsibility in organizations, people also need their organization moral...

Words: 2425 - Pages: 10

Free Essay

Resume

...Human Subjects Research (HSR) Series CITI Program’s HSR series consists of modules from two basic tracks, Biomedical (Biomed) and Social-Behavioral-Educational (SBE), and a set of Additional Modules of Interest. Organizations may group these modules to form a basic Biomed or SBE course, or a course that combines the two tracks. The Additional Modules of Interest should be used in any course variation, if relevant. The basic Biomed modules have three corresponding sets of refresher modules and the basic SBE modules have two corresponding sets of refresher modules. These refresher modules are intended to provide learners with a review of what was covered in the basic level modules. It is generally recommended that organizations select refresher module requirements that reflect their selections for the basic course(s). Refresher courses should be taken in a cycle at an interval specified by your organization (for example, Refresher Stage 1: 3 years after completion of basic course; Refresher Stage 2: 6 years after completion of basic course). Three additional standalone courses are available: Institutional/Signatory Official: Human Subject Research, and IRB Chair. The Institutional/Signatory Official: Human Subject Research course provides a general introduction to the roles and responsibilities of the institutional official at an organization holding a Federalwide Assurance (FWA). The IRB Administration course offers members of an Institutional Review Board’s (IRB)...

Words: 9766 - Pages: 40

Premium Essay

Roles

...Roles and Responsibilities Teaching Service Last updated 1 January 2015 ROLES AND RESPONSIBILITIES TEACHING SERVICE CONTENTS PAGE OVERVIEW 2 PRINCIPALS 2 ASSISTANT PRINCIPALS 2 LEADING TEACHERS 4 CLASSROOM TEACHERS 5 PARAPROFESSIONALS 7 EDUCATION SUPPORT CLASS 7 Roles and Responsibilities – Teaching Service Page 1 OVERVIEW The roles and responsibilities that can be expected of employees at the various classification levels, including the principal class, is set out below and incorporates Schedule 2 of the Victorian Government Schools Agreement 2013. PRINCIPALS The role of the principal is to lead and manage the planning, delivery, evaluation and improvement of the education of all students in a community through the strategic deployment of resources provided by the Department and the school community. A key component of this role is to increase the knowledge base of teachers within their school about student learning and quality teacher practice. At the same time, the principal, as executive officer of the school council, must ensure that adequate and appropriate advice is provided to the council on educational and other matters; that the decisions of the council are implemented; and that adequate support and resources are provided for the conduct of council meetings. Principals have a clear set of accountabilities, which distinguish their work from other employees in the Teaching Service and the education community and are set out in detail in the contract...

Words: 3164 - Pages: 13

Premium Essay

Risk Management

...Signature below indicates this document has been determined to be accurate and complete. Approved By: ____________________________ Date: __________________ Cynthia KramerDaggett, Senior Director Quality systems (Qualitest Business Owner) Approved By: ____________________________ Date: __________________ David Haas Director IT (Qualitest IT Owner) Approved By: ____________________________ Date: _________________ Larry Kass Dir Compliance & Supplier Quality Third Party Quality (Qualitest - QA Compliance) Approved By: To be signed electronically in Master Control Ed Perazzoli IT Quality & Computer Validation Mgr (IT RM) Table of Contents Revision History 1 Approvals 2 1. Purpose 4 2. Project / System Overview 5 3. Definitions 5 4. INDEX OF ABBREVIATIONS AND ACRONYMS 6 5. References 7 6. Roles and Responsibilities 8 7. Risk Methodology – revisit with change forms. 9 8. Risk Management and assumptions 10 9. Risk Handling 12 10. Deviation Management 14 11. Acceptance Criteria and Validation Summary Report 14 Purpose The purpose of this risk assessment is to identify potential problems before they occur such that appropriate mitigating actions can be taken to reduce or eliminate the likelihood and/or impact of these problems should they occur. This document outlines the potential risks for the implementation and validation of the Compliance...

Words: 2265 - Pages: 10

Premium Essay

Security Policies

...Training……………………………………………………………………………………………………………………………………..............11 Security Breach……………………………………………………………………………………………………………………………………..12 Appendix A SWOT Analysis…………………………………………………………………………………………………………………..14 Appendix B Definitions………………………………………………………………………………………………………………………….17 Appendix C Roles…………………………………………………………………………………………………………………………………..18 Works Cited…………………………………………………………………………………………………………………………………………..19 Introduction An effective IT Security policy protects the organization against possible threats to the infrastructure and data that the organization has. It will provide and maintain its ability to provide confidentiality, integrity, availability, and security of the client’s data within the organization’s environment. Overview The IT Security and Compliance policy for LenderLive Network Inc. will detail the policies, procedures, and guidelines that the organization will adhere to, to ensure compliance of the Graham-Leach-Bliley Act (GLBA) and Federal Trade Commission’s Safeguards Rule. It describes the elements to which the organization intends to ensure the security and confidentiality of covered records, protect against any anticipated threats or hazards to the security of the records, and protect against unauthorized access or use of records or information in ways that could result in harm to clients. Purpose The purpose of this policy is to define the policies, procedures, and...

Words: 4550 - Pages: 19

Premium Essay

MF Global Bankruptcy Case Study

...say that MF Global Inc. had distributed about $3.8 billion thus far and had about $1.5 billion under its control, while there was still $1.2 billion missing. * Jan. 17, 2012: it became known that investigators would focus on the Chicago operations of MF Global Holdings Ltd. after one worker in MF’s Chicago back-office functions said she took issue with congressional testimony by former Chairman Jon Corzine that she provided assurance that a transfer of $200 million was proper. * Jan. 30, 2012: it became known that shortly before MF Global Holdings Ltd. collapsed, its chief financial officer told Standard & Poor's in an e-mail that the futures broker had "never been stronger." S&P provided the House Financial Services Subcommittee on Oversight and Investigations with an excerpt of the e-mail from MF Global CFO Henri Steenkamp. S&P also informed the panel that Jon Corzine, then MF Global's chief executive officer, met with its analysts on Oct. 20 to reassure them that his $6.3 billion position in European sovereign debt was no threat to the firm, according to a Jan. 17, 2012 letter obtained by Bloomberg News. * Feb. 6, 2012: word surfaced that MF Global faced a $310 million margin call on its final day that exceeded its market value. Calls for payments tied to bets MF Global made on European sovereign debt increased Oct. 24 and continued through Oct. 31, the day the futures broker filed for bankruptcy protection, according to a report from James Giddens, the trustee overseeing...

Words: 1546 - Pages: 7

Premium Essay

Branding

...OVERVIEW Qualitative Research Methods: A Data Collector’s Field Guide Module 1 Qualitative Research Methods Overview F A M I L Y H E A L T H I N T E R N A T I O N A L Qualitative Research Methods Overview OVERVIEW T • • • • • • his module introduces the fundamental elements of a qualitative approach to research, to help you understand and become proficient in the qualitative methods discussed in subsequent modules. We recommend that you consult the suggested readings at the end of the module for more in-depth treatment of the foundations of qualitative research. This module covers the following topics: Introduction to Qualitative Research Comparing Qualitative and Quantitative Research Sampling in Qualitative Research Recruitment in Qualitative Research Ethical Guidelines in Qualitative Research Suggested Readings Introduction to Qualitative Research What is qualitative research? Qualitative research is a type of scientific research. In general terms, scientific research consists of an investigation that: • • • • • seeks answers to a question systematically uses a predefined set of procedures to answer the question collects evidence produces findings that were not determined in advance produces findings that are applicable beyond the immediate boundaries of the study Qualitative research shares these characteristics. Additionally, it seeks to understand a given research problem or topic from the perspectives of the local population it involves...

Words: 5199 - Pages: 21

Premium Essay

Adsf Asfsa Dsaf

...Administrative Business • • • • • • • Breaks, bathrooms, food Slides Different presenters Purple folder Questions/participation Survey after each day Questionnaire Introduction Check Your Knowledge Introduction Agenda – Day One • • • • • • • • Research roles and responsibilities Policies and Procedures overview Institutional Review Board Office (IRB) NUCATS NURAP Conflict of Interest (COI) Export Controls Innovation & New Ventures Office (INVO) Introduction Introduction Research Administration Training The need for research administration training exists because of the large dollar amounts in research funding and the importance of compliance: • NU received $511.7 million in research funding in FY 2011 • NU ranked 25th in NIH research funding to universities in 2010 • Ensuring compliance remains a federal priority Source: Office for Research Annual Report. (2011): Northwestern University Introduction Research Administration Training Research Administration training helps Northwestern: • Decrease compliance risks • Administer grants more consistently & efficiently • Provide support for research administrators, faculty & staff • Meet federal government expectations regarding training and communication Introduction Training Objectives During this seminar we will: • Explain the research administration process • Discuss the roles & responsibilities of research faculty and staff • Describe the roles of the central research offices • Review...

Words: 5758 - Pages: 24

Premium Essay

Cmgt 582 Team Paper

...outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and if those accesses are required. The security audit should monitor the companies systems and users to detect illicit activity.The security audit should include searches for security events and the abuse of user privileges, along with a review of directory permissions, payroll controls, accounting system configurations, ensure backup software is configured, and backups are completed as required, review network shares for sensitive information with wide-open permissions. During the security audit, a report of offices should be conducted to ensure security policies and procedures are followed. Security Management Currently, PFCH has a Chief Compliance Officer in place to ensure the hospital meets all laws and regulations regarding patient privacy. The CCO is responsible for developing, implementing, and maintaining a system-wide Corporate Compliance program. The COO also oversees the Security Officer, the Director of Medical Records and the Director of Q.A. / Risk Management. In addition to the COO, PFCH has a director of Information Technology on staff to manage and evaluate all business cases the...

Words: 3451 - Pages: 14

Premium Essay

Business Ethics

...Licensed to: CengageBrain User Licensed to: CengageBrain User This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Business Ethics, Ninth Edition O.C. Ferrell, John Fraedrich, and Linda Ferrell Vice President of Editorial/Business: Jack W. Calhoun Publisher: Erin Joyner Senior Acquisition Editor: Michele Rhoades Managing Developmental Editor: Joanne Dauksewicz Editorial Assistant: Tamara Grega Marketing Manager: Jon Monahan Senior...

Words: 16800 - Pages: 68

Premium Essay

Business Communication

...| Corporate Governance2 CreditsBU.231.720.84 Days and time: Wednesdays. 9:00 am – 12:00 pmSpring 2, 2015 March 25 - May 13, 2015HE BaltimoreRoom #206 | Instructor Dr. Demir Yener Contact Information 1625 Massachusetts Avenue, Washington DC. Office: 206K. Phone Number: (202) 650-6022; E-mail Address: demir.yener@jhu.edu Office Hours Mondays 4:30 – 5:00 pm or by appointment Required Text and Learning Materials: 1) Monks, Robert A.G. and Nell Minow. Corporate Governance (5th Ed. ISBN 978-0-470-97259-5), Wiley-Blackwell, 2011 2) Yener, Demir. Corporate Governance Primer 3) Lecture notes on Corporate Governance by Dr. Yener. 4) Other cases and readings to be distributed through BlackBoard as required. (Please note: the latest edition of the textbook will be adopted if there is one available. Please check out our online bookstore for most updated textbook information http://bookstore.mbsdirect.net/jhu-carey.htm.). Please see other required and recommended readings in the class schedule. Blackboard Site A Blackboard course site is set up for this course. Each student is expected to check the site throughout the semester as Blackboard will be the primary venue for outside classroom communications between the instructors and the students. Students can access the course site at https://blackboard.jhu.edu. Support for Blackboard is available at 1-866-669-6138. Course Evaluation As a research and learning community, the Carey Business...

Words: 3438 - Pages: 14