Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

WK 4 Discussion and Replies

Please see attachment for instructions

 

 
Discussion

 

In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.

Discussion on access control and physical security. These areas found to be one or more points of weakness in audit

1. Discuss some common points of failure with access control and physical security.

2. What are some strategies to mitigate these deficiencies.

Replies

In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2. 


S.R POST 1

Hello everyone,

Access control and physical security are important components of an organization’s overall security but can be points of failure during audits. In terms of access control, common weaknesses include poor password creation and management, where users choose weak or reused passwords, and the lack of multi-factor authentication (MFA) (CQR Company, 2023). Relying on a single layer of authentication without a layered security approach leaves systems vulnerable to compromise. Another significant issue is the existence of overprivileged accounts, where users are granted more access rights than necessary, leading to increased risk if an account is compromised (CQR Company, 2023). Organizations often fail to promptly close accounts for former employees or contractors, leaving active credentials that could be exploited. Inadequate logging and monitoring of access events also pose serious risks, as potential breaches may go unnoticed without proper surveillance (CQR Company, 2023).  

Physical security failures are equally concerning. Unsecured entry points, such as doors and windows without adequate locks or surveillance, are common vulnerabilities (Echelon Protective Services, 2024). Many organizations also lack proper visitor management procedures, failing to require sign-ins or visitor badges, which makes it easier for intruders to blend in. Furthermore, critical areas are often left unmonitored due to the absence of surveillance cameras or alarm systems (Echelon Protective Services, 2024). Another common failure is the unsecured storage of hardware. Laptops, servers, and workstations are sometimes left exposed and accessible to unauthorized users.

 To address these deficiencies, organizations should enforce several key strategies. For access control, implementing multi-factor authentication is essential for all critical systems, along with applying the principle of least privilege to ensure users only have necessary access (CQR Company, 2023). Organizations must enforce strong password policies and automate account deactivation when employees leave (Echelon Protective Services, 2024). Detailed access logs should be monitored using tools like SIEM (Security Information and Event Management) systems to detect suspicious activity.

Regarding physical security, organizations should employ badging systems with photo IDs and require card swipes for entry to sensitive areas. Surveillance cameras should be installed around key entry points and server rooms. (Echelon Protective Services, 2024). A strict visitor policy that includes escorted visits, visitor logs, and temporary badges is also critical. Portable devices should be locked down securely when not in use, and regular physical security audits or penetration tests should be conducted to identify weaknesses (Echelon Protective Services, 2024). Ultimately, beyond technical controls, ongoing security awareness training for all employees is vital, as human error remains a major factor in both access control and physical security failures.

References

CQR Company. (2023, March 9). 
Access control weaknesses. Retrieved from CQR Company:

Echelon Protective Services. (2024). 
What are the weaknesses of physical security? Retrieved from Echelon Protective Services:

less


D.S POST 2

Access control and physical security are methods to protect data and ensure only authorized personnel are granted access to restricted information. As discussed in our text, people use these security measures because they have something of value they intend to protect (Peltier, 2013). Ineffective access control and physical security measures can lead to insider threats, privilege creep, unauthorized system or data access, regulatory non-compliance, operational disruption, data exfiltration, and loss of public trust (CloudEagle, 2024). Security professionals and organizational staff must implement a layered security approach incorporating preventive, detective, and corrective access control types to their information security strategy. Within each control types are physical (locks, security cameras, or guards), administrative (policies, processes, training), or technical/logical (encryption, software security solutions, log-in badges) implementation methods (Peltier, 2013).

Some common strategies to address access control and security issues are to implement multi-factor authentication which requires users to provide two or more verification factors to access target systems, and implement an appropriate access control model to help organize and manage user permissions such as mandatory access control, discretionary access control, role-based access control, or rule-based access control models. Separation of duties, job rotation, and mandatory vacations are some internal controls mechanisms that can also help to prevent fraud and security risks within an organization (Gentles, 2020). Additionally, conducting regular access reviews and audits, ensuring to follow the principle of least privilege, and automating system access management can facilitate enhanced security settings to protect data and deter unauthorized access.

            Organizations should routinely assess system configurations, access controls, and require security-based training to ensure effective protections are applied to the organization. By following these security practices, organizations can mitigate risks and promote a culture of security awareness with employee and customer buy-in.  

 

References

CloudEagle. (n.d.). 
What are the risks of poor access controls? CloudEagle. Retrieved April 27, 2025, from

 

Gentles, A. (2020, October 7). 
Job rotations and vacations as internal controls. First Reference. Retrieved April 27, 2025, from

 

Peltier, T. R. (2013). 
Information security fundamentals (2nd ed.). Auerbach Publications.

less

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

computering part 7

The goal of this project is to integrate your various components into polished, professional products. Follow the instructions below to ensure a successful submission: Apply Feedback: Review and incorporate all feedback received from previous submissions (Parts 2-6). Enhance and Improve: Refine any of the three required items (cover letter with

Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. Based on the readings this week, 1. Discuss some common strategies and pitfalls you have seen with business continuity. 2. Discuss some common strategies and

sociology

The goal of this project is to integrate your various components into polished, professional products. Follow the instructions below to ensure a successful submission: Apply Feedback: Review and incorporate all feedback received from previous submissions (Parts 2-6). Enhance and Improve: Refine any of the three required items (cover letter with

Python

  Instructions Create a simple Python application (Save as w5_firstname_lastname.py) . Create a Python script that takes two parameters to do the following:- 1) List all files names, size, date created in the given folder 2) Parameter1 = Root Folder name Parameter2= File size >>> to filter file size (

Python

  Instructions:  Describe methods for securing Python code. Pick at least ONE of the methods for securing node and deep dive into what it means and how it is used to secure code.   

Discussion 8 of 459

Follow the attach instruction to complete the work. 1. What is one specific technology you found the most intriguing throughout the course? 2. If you were to be a hacker, which building block vector would you choose to attack your selected technology and why?

Node.js

  Instructions Create a simple Node.js server (Save as w4_firstname_lastname.js) . Create a restful application similar to the one in lesson 4 (ReSTFul Web Services). Document the routing table, and the application you created. Submit your week 4 work in w4_firstname_lastname.txt (Please save the file as a text file and

Computer Science- Python Gurobi assignment

I need the output following these steps: Put all of these files into the same folder, Open the python file, If there is any error, check if any file is missing, It has 105 counties and 4 districts, so it will take a while to finish running. I need it

Research Project

Please follow the instructions attached below:  I have choose the topic from the list is:   PROJECT TITLE Firm RTOS – Balancing Real-Time Performance and Flexibility Please check the abstract from my file and write the research project. 

provide me java based interview question.

Core Java Interview Questions (Basic Level) 1. What is Java? Java is a high-level, object-oriented, platform-independent programming language developed by Sun Microsystems. 2. What are the features of Java?  Object-Oriented  Platform Independent (via JVM)  Secure and Robust  Multithreaded  Architecture Neutral  High Performance (via JIT

Dynamons world Mod APK

 What are the best tips for playing RPG games like Dynamons World? I recently found a great resource at that offers a lot of insights and even MOD APKs for Dynamons World, but I’d love to hear personal strategies and gameplay advice from the community too! ???????? 

459 w7

Follow the attach instructions to complete this work. Questions: 1. What is Generative AI and how is it similar/different to Traditional AI? 2. Do you believe that work created by Generative AI (e.g. ChatGPT) is comparable in quality to human created content?  What challenges and opportunities  does Generative AI pose

Computer Science WK3 Assignment

Please see attachment for instructions ISSC680 Week 3 Homework Assignment Instructions: Please provide a one-page response to the following topic utilizing supporting documentation obtained from the attach books and the Internet. APA format and reference. Topic: Differentiate between the different types of cryptographic algorithms.

Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. Based on this weeks readings, 1. Discuss some effective strategies for Security Awareness in your organization or 2. What you would like to see implemented

What Does Custom Software Development Cost in the USA?

  The cost of custom software development in the USA typically ranges from $25,000 to $500,000 or more, depending on the complexity, features, and scale of the project. Here’s a quick breakdown: Small projects (like MVPs or simple web/mobile apps): $25,000 – $50,000   Mid-sized solutions (custom dashboards, automation, integrations):