Creating – PVSS Controls
Entity controls
Entity control can be done by Public key infrastructure which sets up entities called certificate authorities. These certificate authorities will be responsible for implementing PKI on the certificates. The certificate authority is trusted such that user is able to delegate the issuance, acceptance, construction, and revocation of certificates to the authority. An analogy to this would be a bouncer who is trusted to only allow some specific people to enter a nightclub.
Network Level Controls
Network access control can be deployed anywhere in the network. In most cases, however, it is deployed close to the Active Directory, in the data center, or in other identity sources that the network uses. The network-level controls will intercept DHCP requests from the network’s connected devices. It does this to profile devices and uses and also carries out authentication of the devices using the identity sources (Pfleeger & Pfleeger, 2002). To enforce these controls on switches, an organization can use SNMP or 802.1x.
Operating System Level controls
The operating system level controls will be defined in the network operating system and will be scheduled to identify the users that are authorized. It will also specify the access privileges that go in line with the other controls. For administrative privileges by the users on accounts, they must receive additional scrutiny by the two-factor authentication tokens. The controls will be able to terminate temporary accounts automatically, disable inactive accounts, and audit the creation of accounts, modification, and termination (Poremba, 2017).
Database Server Level Controls
Database server-level controls can be created through approved authorization to reduce the chances of unauthorized information disclosure and to detect any changes to the information that is not authorized. The control mechanisms will compare the security attributes of data (content and structure), destination objects, and source objects. The appropriate response such as alerting the administrator will take place.
References
Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
Poremba, S.M. (2017). Network Access Control: Restricting and Monitoring Access to Your Network and Data. Retrieved from https://www.esecurityplanet.com/network-security/network-access-control.html
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question
As you begin to perform the information systems audit for PVSS, assume the identity of a different person in the scenario. For this Discussion Board, you are now the Network Systems Manager for PVSS.
As the Network Systems Manager, how would you create the following four controls (or policies) to be used by PVSS:
Entity level control
Network level control
Operating system level control
Web or database server-level control