Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

WK 4 Discussion and Replies

Please see attachment for instructions

 

 
Discussion

 

In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.

Discussion on access control and physical security. These areas found to be one or more points of weakness in audit

1. Discuss some common points of failure with access control and physical security.

2. What are some strategies to mitigate these deficiencies.

Replies

In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2. 


S.R POST 1

Hello everyone,

Access control and physical security are important components of an organization’s overall security but can be points of failure during audits. In terms of access control, common weaknesses include poor password creation and management, where users choose weak or reused passwords, and the lack of multi-factor authentication (MFA) (CQR Company, 2023). Relying on a single layer of authentication without a layered security approach leaves systems vulnerable to compromise. Another significant issue is the existence of overprivileged accounts, where users are granted more access rights than necessary, leading to increased risk if an account is compromised (CQR Company, 2023). Organizations often fail to promptly close accounts for former employees or contractors, leaving active credentials that could be exploited. Inadequate logging and monitoring of access events also pose serious risks, as potential breaches may go unnoticed without proper surveillance (CQR Company, 2023).  

Physical security failures are equally concerning. Unsecured entry points, such as doors and windows without adequate locks or surveillance, are common vulnerabilities (Echelon Protective Services, 2024). Many organizations also lack proper visitor management procedures, failing to require sign-ins or visitor badges, which makes it easier for intruders to blend in. Furthermore, critical areas are often left unmonitored due to the absence of surveillance cameras or alarm systems (Echelon Protective Services, 2024). Another common failure is the unsecured storage of hardware. Laptops, servers, and workstations are sometimes left exposed and accessible to unauthorized users.

 To address these deficiencies, organizations should enforce several key strategies. For access control, implementing multi-factor authentication is essential for all critical systems, along with applying the principle of least privilege to ensure users only have necessary access (CQR Company, 2023). Organizations must enforce strong password policies and automate account deactivation when employees leave (Echelon Protective Services, 2024). Detailed access logs should be monitored using tools like SIEM (Security Information and Event Management) systems to detect suspicious activity.

Regarding physical security, organizations should employ badging systems with photo IDs and require card swipes for entry to sensitive areas. Surveillance cameras should be installed around key entry points and server rooms. (Echelon Protective Services, 2024). A strict visitor policy that includes escorted visits, visitor logs, and temporary badges is also critical. Portable devices should be locked down securely when not in use, and regular physical security audits or penetration tests should be conducted to identify weaknesses (Echelon Protective Services, 2024). Ultimately, beyond technical controls, ongoing security awareness training for all employees is vital, as human error remains a major factor in both access control and physical security failures.

References

CQR Company. (2023, March 9). 
Access control weaknesses. Retrieved from CQR Company:

Echelon Protective Services. (2024). 
What are the weaknesses of physical security? Retrieved from Echelon Protective Services:

less


D.S POST 2

Access control and physical security are methods to protect data and ensure only authorized personnel are granted access to restricted information. As discussed in our text, people use these security measures because they have something of value they intend to protect (Peltier, 2013). Ineffective access control and physical security measures can lead to insider threats, privilege creep, unauthorized system or data access, regulatory non-compliance, operational disruption, data exfiltration, and loss of public trust (CloudEagle, 2024). Security professionals and organizational staff must implement a layered security approach incorporating preventive, detective, and corrective access control types to their information security strategy. Within each control types are physical (locks, security cameras, or guards), administrative (policies, processes, training), or technical/logical (encryption, software security solutions, log-in badges) implementation methods (Peltier, 2013).

Some common strategies to address access control and security issues are to implement multi-factor authentication which requires users to provide two or more verification factors to access target systems, and implement an appropriate access control model to help organize and manage user permissions such as mandatory access control, discretionary access control, role-based access control, or rule-based access control models. Separation of duties, job rotation, and mandatory vacations are some internal controls mechanisms that can also help to prevent fraud and security risks within an organization (Gentles, 2020). Additionally, conducting regular access reviews and audits, ensuring to follow the principle of least privilege, and automating system access management can facilitate enhanced security settings to protect data and deter unauthorized access.

            Organizations should routinely assess system configurations, access controls, and require security-based training to ensure effective protections are applied to the organization. By following these security practices, organizations can mitigate risks and promote a culture of security awareness with employee and customer buy-in.  

 

References

CloudEagle. (n.d.). 
What are the risks of poor access controls? CloudEagle. Retrieved April 27, 2025, from

 

Gentles, A. (2020, October 7). 
Job rotations and vacations as internal controls. First Reference. Retrieved April 27, 2025, from

 

Peltier, T. R. (2013). 
Information security fundamentals (2nd ed.). Auerbach Publications.

less

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

The Equifax Data Breach

Briefly explain what the Equifax data breach was, why it happened, and why it was important. You should mention that Equifax failed to protect personal data, discuss the ethical and security issues involved, and explain what companies can learn from the incident. Please see attached documents. 

Reflection on Big Data and AI

please see attached DAT 260 Module Five Journal Guidelines and Rubric Overview In this journal assignment, you will reflect on key concepts covered in this module. This assignment directly supports your work in Project Two, which is due in Module Seven. Directions In a well-crafted journal entry, address the following:

Disaster Recovery

  Questions: Research the network and server outage problems experienced during a previous man-made or natural disaster and answer the following questions: What parts of the infrastructure was impacted? How were the networks recovered? How redundancy could have mitigated the impact of the disaster?

Network Design and Plan Purpose

Please review attachment Mod 4 Project: Network Design and Plan Purpose In this module, we will introduce a course design project that will be completed in four parts during the course. This project provides you an opportunity to solve a comprehensive problem in firewall and virtual private network (VPN) implementation

Memecoins & Stablecoins Development

Please take a look at the attachment. Lab #3: Blockchain-Based Ecosystems: Memecoins & Stablecoins Development, Attack Simulation, and Auditing Lastname: ______________ First name:____________Date_______ TA_Prove_ Yes/No 1. Overview This lab guides students through designing, implementing, deploying, testing, and auditing a simple memecoin (ERC‑20) and a minimal ecosystem around it (liquidity pool,

Blockchain Presentation

presentation about a blockchain Term Project CIS 5730- Blockchain Application Project Guideline Part ii–Presentation Along with the project you will present what you did to the class in a short presentation. If you want, you can demonstrate the project, or just present an overview of what you did. Presentations should

Network Threats

  Questions: Below is a list of common network attacks: Distributed Denial of Service (DDoS) DNS poisoning ARP poisoning Domain hijacking MAC flooding MAC cloning Man-in-the-Middle Explain two of these network attacks and discuss methods/techniques for protecting the network against them.

Best Practices for Role-Based Privilege Management in Databases

  Research the best practices for managing and securing role-based privileges in databases and address the following questions in your discussion post:  What are the key challenges in managing role-based privileges, and how do they impact database security? Can you provide a real-world scenario where poor role-based privilege management led

Computer Science Cloud Computing assignment

Please see attachment for details 4 [ Note: To complete this template, replace the bracketed text with your own content. Remove this note before you submit your paper.] Cloud Computing Evaluation Paper 1 Cloud Computing [Differentiate between cloud computing models and their uses. What are the different types of deployment

Computer Science- Python Python Programming Assignment

Computer Science Python Programming Lab assignment help. Design a Python program that calculates a credit card customer’s minimum payment based on their balance. Please use If Else and elif statements in your code. You must add comments in your code. Please round the minimum payment to two decimal places using

Blockchain Application

I need help with my coursework project. Let me know if you need any help from me.  Lab 2: Blockchain-Based Academic Credentials Lab Lastname: ______________ Firstname:________________ 1. Overview AETHELRED UNIVERSITY Registrar’s Office wants to start issuing a digital transcripts and diploma for graduating students. You are called to build the

LOREM, IPSUM

The ability to develop a risk register is a skill needed by all cybersecurity leaders when assessing cybersecurity risks. A risk register provides a detailed listing of known risks as well as quantitative or qualitative assessments of those risks, resulting in the prioritization of action.

Virtual LANs

  Questions: A VLAN allows different devices to be connected virtually to each other as if they were in a LAN sharing a single broadcast domain. 1. Why a network engineer would want to deploy VLANs? 2. How do VLANs improve network security?

compliance and rules to follow in cybersecurity.

Follow the attached instructions to complete this work. Note: Make sure to follows rubric or aligns with Rubric. Unit 8 Assignment Directions: Case Study Review the following hypothetical case study. Consider the big-picture ideas and the specific concerns. Make use of the key terms and concepts from the readings in

Discussion on data ( computer science)

Follow the attached direction to complete this work Unit 7 Discussion   Overview Consider this scenario: PQR Corporation provides facial recognition technology to customers. Its products include customer access to consumer electronics as well as mass surveillance capabilities through networked camera systems. While operating legally, PQR has maintained a low

Computer Science – Machine Learning Python Programming Assignment

Assignment Help. Please don’t forget to add comments in the code Page 1 of 3 NorQuest College – CMPT 1011: Lab Assignment 5 CMPT 1011: Introduction to Computing Lab Assignment 2: Variables, mathematical operations and data types Value This coding challenge is worth 3% of your final grade. Background In