Mile2 Cybersecurity Certifications

Cybersecurity Certifications

OCU C)ISSO D Discussion Lesson 04

Viewing 3 reply threads
  • Author
    Posts
    • #65768
      Jessica Jagerson
      Keymaster

      Choose one of the following to discuss in detail.  Give at least 4 examples that include information from the text and videos (at least 2 examples from each).

      1. Access control characteristics and threats to access control.
      2. Information Classification: Reasons, criteria, levels, and benefits.
      3. Access Control Models and Technologies: models, and model types
      4. Access Control Methods: administration, RADIUS pros, cons, and characteristics
    • #85029
      Kelly Crooks
      Participant

      RADIUS- Remote Authentication Dial-In User Service.

      Pros:
      RADIUS is open-source and readily available
      RADIUS utilizes the client/server model to authenticate and authorize users
      Radius allows for unique credentials for each user
      RADIUS passwords do not routine changing
      RADIUS allows IT admins to have one point of contact for user management
      RADIUS makes it easier to control who or what has access

      Cons:
      RADIUS uses connectionless protocol using UDP
      RADIUS maintenance can be difficult and time-consuming
      RADIUS initial setup can be difficult
      RADIUS setup can be complicated
      RADIUS can be hard to know which version is best to choose
      RADIUS has options that can be costly and require long-term commitments

      Some of RADIUS’s characteristics include the AAA protocol(Authentication, Authorization, Accounting, and Auditing). Cloud-based RADIUS a-as-a-Service offers similar capabilities. De facto standard for the authentication protocol. Open source means it has been integrated into many vendor products. RADIUS works on the client/server model. RADIUS is deemed connectionless since it is based on UDP.

      The methods for centralized access control using RADIUS include:
      The user connects to the server.
      The access server requests authentication data from the user.
      The RADIUS client sends authentication data to the RADIUS server.
      RADIUS server compares data to the database.
      RADIUS server sends the response.
      If Accept is the response the RADIUS client allows the user to access the network.

      • #85045
        Marcena Davis
        Participant

        RADIUS is a powerful tool for managing user access in networks. The idea of having one point of contact for user management is especially appealing – it seems like it would simplify the process for IT admins and reduce the likelihood of errors or oversights.

        However, the cons you listed are definitely worth considering as well. It’s important to weigh the benefits against the potential difficulties and costs of implementation and maintenance.

        I’m intrigued by the possibilities of RADIUS and the flexibility it offers for controlling access to network resources. It’s fascinating to think about the different ways it could be used to enhance security and streamline user management.

    • #85043
      Marcena Davis
      Participant

      I chose to discuss “Information Classification: Reasons, criteria, levels, and benefits” in detail.

      Information classification is the process of categorizing information based on its level of sensitivity and value to the organization. This classification helps organizations to identify the appropriate level of protection and access control required for different types of information. Here are four examples that illustrate the reasons, criteria, levels, and benefits of information classification:

      Reasons: Information classification is important for several reasons, including compliance with regulatory requirements, protection of intellectual property, and safeguarding against unauthorized access and theft. For example, the text discusses how compliance with regulations such as HIPAA and PCI DSS requires organizations to classify information and implement appropriate controls to protect it.

      Criteria: The criteria for information classification typically include factors such as the level of confidentiality, integrity, and availability required for the information, as well as the potential impact of a breach or loss. The video provides an example of how information about employee salaries and bonuses might be classified as confidential and high-impact, requiring strict access controls and monitoring.

      Levels: Information classification typically involves assigning different levels or categories to different types of information based on their sensitivity and value. The text describes a common classification scheme that includes four levels: public, internal, confidential, and restricted. The video provides an example of how medical records might be classified as restricted, requiring the highest level of protection and access control.

      Benefits: The benefits of information classification include improved protection of sensitive information, more efficient use of resources, and better alignment of security measures with business objectives. The text discusses how information classification can help organizations to prioritize their security investments based on the level of risk associated with different types of information. The video provides an example of how information classification can help to ensure that resources are allocated appropriately based on the level of risk and impact of a breach.

      Overall, information classification is a crucial aspect of information security management, as it enables organizations to determine the level of protection and access control required for various types of information. By implementing a reliable framework for information classification, organizations can protect their valuable assets from unauthorized access and misuse, thereby contributing to their long-term success.

      • #85065
        Kelly Crooks
        Participant

        I agree that information classification helps organizations determine what level of protection and access control is required for their various types of information. I have seen this used firsthand both in my organization and the underground lab my brother works for. While my customer’s information and the organization’s financial information are important and require a more secure level of protection the information that the underground lab needs protected are much more critical and requires a much higher level of protection. My brother had to apply for a top-secret security clearance with the Department of Homeland Security. They want to make sure those who are protecting their assets can be trusted and are reliable.

    • #85710
      Kevin Mehok
      Participant

      IST3100 Information Systems Security Officer
      Week One
      Discussion #4
      Kevin Mehok

      How is access to IT systems and data controlled? Well this week we have each learned that over time the ways in which IT systems can be accessed has grown, and the job of securing those system and their data has become increasingly more complex (Precisely, 2023). High-profile breaches have spawned a host of compliance regulations that further expanded the ways and thus the complexities in which organizations needed to secure their systems and protect sensitive data (Precisely, 2023).

      Access control systems perform identification authentication and authorization of users and entities by:

      Strengthening logon security through multi-factor authentication
      Restricting user privilege through elevated authority management solutions
      Granting requests for access to systems and data based on the identity of the user and the context of the request (Precisely, 2023).
      A complete system access control solution requires a layered defense to protect access control systems (Precisely, 2023).

      How is system access control performed? Well, once again, we have learned this week that a system access control solutions determine how users are allowed to interact with specific systems and resources (Precisely, 2023). A robust system access control regime gives an organization the ability to manage, restrict, and monitor user activity while protecting sensitive systems and data (Precisely, 2023).

      God Bless,

      Kevin

      References:

      https://www.precisely.com/glossary/system-access-control

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

SUPPORT

Please Note:

The support ticket system is for technical questions and post-sale issues.

 

If you have pre-sale questions please use our chat feature or email information@mile2.com .