This is the third assignment of the series. Continue the Applying Risk Management Consulting assignment for your chosen organization.
Refer to your Week Three individual assignment.
Write a 4- to 5-page business proposal in which you cover what concerns and potential actions the organization should take for each of the following areas:
- How to manage and control the use of cloud resources and other service providers that may be used for processing and data storage outside the organization’s physical locations
- Specific recommendations to control mobile access to organizational system users (employees and customers)
- Identify specific issues to be addressed with business partners and inter-connection of systems.
Note: Brief the organization on the major issues involved but keep each section succinct.
Using Roles
Agenda
The value of separating duties in the organization.
The value of using roles to segregate the data and system access needs of individuals in the organization.
Why a role-based access control (RBAC) system would be the best way to accomplish this, including both the advantages and disadvantages of such a system.
The value of separating duties in the organization:
Separating duties in a company reduces conflicts of interest.
No one in the company should have total control over anything; this prevents fraud that could be caused by any single individual who may not have the company's best interest in mind.
One prime example is when a developer leaves a backdoor to troubleshoot or update an application or operating system. If this is done, the company needs to be informed. The most reasonable approach is either to have separate individuals develop the app or operating system, or to have an independent developer double-check the developer's work.
The value of using roles to segregate the data and system access needs of individuals in the organization:
Role-Based Access Control: A control method that limits access to data to authorized users. It assigns control to specific users based on their assigned duties. Any particular user can be assigned multiple roles to conduct day-to-day tasks.
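The separation-of-duties and role ideas above, shown as an added example that is not part of the original slides: a minimal RBAC model in which users get access only through roles, conflicting role combinations are refused, and a reviewer cannot approve their own change. All role, permission and user names are constructed for illustration.

```python
# Added example: RBAC with separation-of-duties checks (names are constructed).
ROLE_PERMS = {
    "developer": {"code:commit"},
    "reviewer": {"code:approve"},
    "release_manager": {"release:deploy"},
}
# Role pairs that no single user may hold at once (static separation of duties).
EXCLUSIVE = [{"developer", "release_manager"}, {"reviewer", "release_manager"}]

class SoDViolation(Exception):
    pass

class RBAC:
    def __init__(self):
        self.user_roles = {}  # user -> set of role names

    def assign(self, user, role):
        if role not in ROLE_PERMS:
            raise KeyError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        for pair in EXCLUSIVE:
            if pair <= proposed:  # both conflicting roles would be held
                raise SoDViolation(f"{user} cannot hold both {sorted(pair)}")
        self.user_roles[user] = proposed

    def allowed(self, user, perm):
        # Default deny: access exists only through an assigned role.
        return any(perm in ROLE_PERMS[r] for r in self.user_roles.get(user, ()))

    def can_approve(self, approver, change_author):
        # Per-change check: a user holding both developer and reviewer roles
        # still cannot approve their own change.
        return self.allowed(approver, "code:approve") and approver != change_author

def demo():
    rbac = RBAC()
    rbac.assign("alice", "developer")
    rbac.assign("alice", "reviewer")  # multiple roles per user are allowed
    rbac.assign("bob", "reviewer")
    try:
        rbac.assign("alice", "release_manager")
        blocked = False
    except SoDViolation:
        blocked = True
    return blocked, rbac.can_approve("alice", "alice"), rbac.can_approve("bob", "alice")

if __name__ == "__main__":
    print(demo())
```

The rejected assignment leaves the user's existing roles unchanged, so a failed request cannot partially grant access.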
Advantages and Disadvantages of role-based access control
Why a role-based access control (RBAC) system would be the best way to accomplish this, including both the advantages and disadvantages of such a system:
Advantages: RBAC can be tailored to any company's business model and security risk tolerance. It is low maintenance. Once implemented, it can be scaled for growth.
Disadvantage: The initial setup of RBAC is the most time-consuming part, as one needs to create the following:
- Master plan: project design and scope, timeline and budget, and a set of benchmarks.
- Compile information: hardware and software, listing all servers, databases and applications.
- Define all roles: compile a comprehensive list of all job functions.
- Analyze all roles to determine access: a plan that details how roles will be changed and updated, how new users get registered, and how accounts will be terminated.
- Integrate RBAC across all applications: this is the step that provides security and the company-wide information access system.
- Implement education and organizational change: education and training from the top down.
Questions?