Nt1310 Unit 9 Final Paper

Q4: What are the 5 of authentications available? List them form least secure to most secure, while designing SQL Server’s Object level security? You are also required to fill in the classification field in the following table based on the security topology of Active directory running on a SQL server.

Based on the premises that Richman has 5000 employees throughout the main office and several branch offices, this document dictates research solutions and details the appropriate access controls including policies, standards, and procedures that define who users are, what they can do, which resources they can access, and which operations they can perform on a system. |

A firewall will be used so that UN authorized users will be restricted. Parts of security will be different user account and password for each member.

IT Coordinators create a user accounts for every employee at McGraw-Hill. Once an account is created, the employee would have 72 hours to logon to RAR system and create a password to access the data. After the employee has access to server he/she will have rights to create ticket, create customer, edit customer, and open a close ticket. The only right that employees wouldn’t have access to is deleting users, and data override.

The Office of the National Coordinator for Health I.T must ensure that the user access rights and privileges are granted based on the work assigned to the employee. The information system will only give employees permission and privileges that are enough to enable them to carry out their regular duties.

Access controls, this control refers to who can access all the vital information about the business, its assets which include inventory, land and building, its liabilities like bills, credits and rent and equities. This information is kept

As a business owner, you want to make sure you keep your business secure both during and after working hours. One tool you can use to keep your business as secure as possible is an access control system.

3. As a security precaution, each plant should not have access to other plant’s data. The application should implement role-based authentication to grant access to role-specific information.

After the role-specific access to specific types of data is defined, the system shall be responsible for the user-defined access control that the organization shall have proposed. The system shall allow only those members registered within the network that have the protocol to view confidential healthcare data. If some data has more priority than other types on the basis of confidentiality keeping, then several methods, such as multiple permission controlled access and periodic access to that data can be applied to remove and breach issues and related concerns. Departments should be reviewing and auditing unauthorized access monthly to eliminate a possible

The advent of mobile computing has done funny things to authorization. Computers used to stay in one place—but now every single user has a tiny computer in their pocket that they can use from anywhere. This leads to an interesting question for AuthZ: How should your environmental context influence your authorizations?

Availability: It is a kind of guarantee of consistent access to the data or information by authorized people only.

For instance, the design has servers that verifies and validates through activate directory of users. Through active directory, access to specific applications/databases is determined. In addition, encryption and firewall rules will further enhance the security of data. Moreover, 2-factor authentication feature is designed for remote users accessing EMRS database from remote locations.

Role-based access control (RBAC) implementation saves time and effort in the management of large numbers of user permissions. It also creates efficient enforcement; users are assigned to specific roles and the roles are assigned permissions based on the user`s job requirement.Users can be assigned multiple roles and each role has a defined set of permissions needed to access different objects. RBAC simplifies the auditing of user permissions for regulatory compliance.

Users accounts should be limited and not granted excessive authorizations especially ability to access to administrative functions such as read and/or write source code and source code trees.

In addition to authentication, authorization is also an important aspect of Oracle security. Without the proper granting of privileges to a user, a user won’t be able to do anything. The key privileges for users are: