CMP 610 UMGC Foundations in Cybersecurity Management Best Practices Essay
Description
Project 2: Authentication, Authorization, and Access Control
Step 9: Research Industry Best Practices (1 page)
In the first three steps, you gathered information regarding authentication, authorization, and access control and had an opportunity to apply these concepts through training. You have thought about how to apply this knowledge to your organization, and you wrote reports on how psychology, anonymity, and privacy awareness affect cybersecurity. You are finally ready to meet with your peers in the industry to get a sense of current practices.
The peer discussion can take various shapes. Research online articles and/or interview colleagues, friends, and acquaintances in different fields to gather the most current information of what various industries are doing to face their cybersecurity needs. The information and ideas that you obtain here will help you to formulate a recommendation and develop a job aid for the human resources (HR) managers that John requested. You will need to at least cover the items in the list below.
- Give examples of authentication, authorization, and access control that you have seen in your experience, in your assigned organization, and/or in research and interviews.
- Discuss what worked well and what could be improved.
- Discuss the role of policy in defining and implementing authorization schemes as applied to your experience.
- Apply key points and principles in the NIST cybersecurity framework for virtual machine cybersecurity.
- Analyze the technologies, uses, and roles of information assurance and software protection technologies.
- Prioritize current cybertechnological threats faced at the enterprise, national, and international levels.
- Evaluate the procedures, policies, and guidelines used to protect the confidentiality, integrity, and availability of information (CIA triad).
Step 10: Formulate Recommendations (1 page)
From the information that you have gathered throughout this project, formulate a recommendation for authentication, authorization, and access control. If you determine that your organization needs no changes in these areas, explain your position and what leadership (and you, as CISO) will continue to monitor to ensure that security standards are commensurate with expectations.
Make sure to consider the needs of restricting data from department to department as appropriate, protecting the organization's HR data from outside and inside threats in general, and allowing employees to access the data they need while offsite. Also consider the human aspects of cybersecurity from the previous steps. Include a recommendation for an ongoing risk management strategy. You will include your recommendations in your Implementation Guidance Presentation in the last step.
The recommendation must meet the following criteria:
- coincide with IT vision, mission, and goals
- align with business strategy
- incorporate all internal and external business functions
- create the organizational structure to operate the recommendation and align with the entities as a whole
In the next step, you will take your recommendations and use them to create a job aid for HR managers regarding authentication, authorization, and access control so they can spread the information to the various departments.
Step 11: Develop a Job Aid (2 pages)
Now that you have formulated your recommendation for authentication, authorization, and access control, you will develop a job aid that the HR managers can take to their departments after the presentation.
This job aid will empower the HR managers to educate their staff on the topics of authentication, authorization, and access control in a simple and effective way to improve the security of their systems. The job aid will be distributed after the presentation.
Develop a short (two- to three-page) job aid that explains the differences between authentication, authorization, and access control using common-sense examples to help the reader understand the differences and the importance of each in protecting the organization's information. The job aid should address all the items listed below.
- Define, in layman's terms, authorization, authentication, and access control, and the relationships between them.
- Identify and articulate examples that are easy to comprehend and that would resonate with the company's leadership.
- Describe the importance of authorization, authentication, and access control to the overall security of the organization. Use details of the company's products/services and the need to protect them to emphasize the need for strong controls.
STEP 11
- Cover page
- Intro
- 3 para – explain, using examples, authentication, authorization, access control; include issues and potential access control models, also industry best practices, keeping in mind technology, info assurance and software protection technology.
- 3 para – importance of authorization, authentication and access control to your organization, including threats faced at the enterprise, national and international level; use examples of your company’s products and services and the need to protect them.
- Conclusion
- References
Step 12: Develop the Implementation Guidance Presentation (10 pages)
In response to the request from the CTO and VP of HR, you will develop a presentation for HR management which discusses how to limit access to specific types of data and protect vulnerable data from outside threats. You will explain the lineage of data, data ownership, and data-access related authentication, authorization, and access control. You will also take this opportunity to educate on the basic principles of data/network access control and to advocate for stronger access controls.
You will develop an 18- to 20-slide presentation that clearly explains the principles of authentication, authorization, and access control, examines various models, and recommends a strategy for the organization. You will use the information that you have gathered in the initial steps of this project. Make sure to include the following:
- Describe authentication, authorization, and access control as an important security concept.
- Evaluate the different models and examples of authentication, authorization, and access control.
- Make the case for changes to the organization's authentication, authorization, and access control policies/systems.
- Present the recommended strategy.
- Discuss how you will evaluate the effectiveness of the security program.
STEP 12 PowerPoint Presentation – Implementation Guidance
- Title page
- Agenda
- 1 slide – explain authorization, authentication, access control
- 3 slides – different models and examples for each: authorization, authentication and access control. Don't give me all of one type; they are all similar, but different.
- 3 slides – Recommend changes to your organization's authorization, authentication and access control. One slide for each: authentication, authorization and access control.
- 1 slide – Summarize your recommendations
- 1 slide – How you will evaluate the change
My selected organization is Capital One and I am considered the CISO. Below are the evaluation competencies:
- 5.3: Support policy decisions with the application of specific cybersecurity technologies and standards.
- 6.2: Create an information security program and strategy, and maintain alignment of the two.
- 6.3: Integrate the human aspect of cybersecurity into an organization’s cybersecurity policy.
- 9.3: Risk Assessment: Assess policies, processes, and technologies that are used to create a balanced approach to identifying and assessing risks and to manage mitigation strategies that achieve the security needed.