Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

WK 4 Discussion and Replies

Please see attachment for instructions

 

 
Discussion

 

In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.

Discussion on access control and physical security. These areas found to be one or more points of weakness in audit

1. Discuss some common points of failure with access control and physical security.

2. What are some strategies to mitigate these deficiencies.

Replies

In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2. 


S.R POST 1

Hello everyone,

Access control and physical security are important components of an organization’s overall security but can be points of failure during audits. In terms of access control, common weaknesses include poor password creation and management, where users choose weak or reused passwords, and the lack of multi-factor authentication (MFA) (CQR Company, 2023). Relying on a single layer of authentication without a layered security approach leaves systems vulnerable to compromise. Another significant issue is the existence of overprivileged accounts, where users are granted more access rights than necessary, leading to increased risk if an account is compromised (CQR Company, 2023). Organizations often fail to promptly close accounts for former employees or contractors, leaving active credentials that could be exploited. Inadequate logging and monitoring of access events also pose serious risks, as potential breaches may go unnoticed without proper surveillance (CQR Company, 2023).  

Physical security failures are equally concerning. Unsecured entry points, such as doors and windows without adequate locks or surveillance, are common vulnerabilities (Echelon Protective Services, 2024). Many organizations also lack proper visitor management procedures, failing to require sign-ins or visitor badges, which makes it easier for intruders to blend in. Furthermore, critical areas are often left unmonitored due to the absence of surveillance cameras or alarm systems (Echelon Protective Services, 2024). Another common failure is the unsecured storage of hardware. Laptops, servers, and workstations are sometimes left exposed and accessible to unauthorized users.

 To address these deficiencies, organizations should enforce several key strategies. For access control, implementing multi-factor authentication is essential for all critical systems, along with applying the principle of least privilege to ensure users only have necessary access (CQR Company, 2023). Organizations must enforce strong password policies and automate account deactivation when employees leave (Echelon Protective Services, 2024). Detailed access logs should be monitored using tools like SIEM (Security Information and Event Management) systems to detect suspicious activity.

Regarding physical security, organizations should employ badging systems with photo IDs and require card swipes for entry to sensitive areas. Surveillance cameras should be installed around key entry points and server rooms. (Echelon Protective Services, 2024). A strict visitor policy that includes escorted visits, visitor logs, and temporary badges is also critical. Portable devices should be locked down securely when not in use, and regular physical security audits or penetration tests should be conducted to identify weaknesses (Echelon Protective Services, 2024). Ultimately, beyond technical controls, ongoing security awareness training for all employees is vital, as human error remains a major factor in both access control and physical security failures.

References

CQR Company. (2023, March 9). 
Access control weaknesses. Retrieved from CQR Company:

Echelon Protective Services. (2024). 
What are the weaknesses of physical security? Retrieved from Echelon Protective Services:

less


D.S POST 2

Access control and physical security are methods to protect data and ensure only authorized personnel are granted access to restricted information. As discussed in our text, people use these security measures because they have something of value they intend to protect (Peltier, 2013). Ineffective access control and physical security measures can lead to insider threats, privilege creep, unauthorized system or data access, regulatory non-compliance, operational disruption, data exfiltration, and loss of public trust (CloudEagle, 2024). Security professionals and organizational staff must implement a layered security approach incorporating preventive, detective, and corrective access control types to their information security strategy. Within each control types are physical (locks, security cameras, or guards), administrative (policies, processes, training), or technical/logical (encryption, software security solutions, log-in badges) implementation methods (Peltier, 2013).

Some common strategies to address access control and security issues are to implement multi-factor authentication which requires users to provide two or more verification factors to access target systems, and implement an appropriate access control model to help organize and manage user permissions such as mandatory access control, discretionary access control, role-based access control, or rule-based access control models. Separation of duties, job rotation, and mandatory vacations are some internal controls mechanisms that can also help to prevent fraud and security risks within an organization (Gentles, 2020). Additionally, conducting regular access reviews and audits, ensuring to follow the principle of least privilege, and automating system access management can facilitate enhanced security settings to protect data and deter unauthorized access.

            Organizations should routinely assess system configurations, access controls, and require security-based training to ensure effective protections are applied to the organization. By following these security practices, organizations can mitigate risks and promote a culture of security awareness with employee and customer buy-in.  

 

References

CloudEagle. (n.d.). 
What are the risks of poor access controls? CloudEagle. Retrieved April 27, 2025, from

 

Gentles, A. (2020, October 7). 
Job rotations and vacations as internal controls. First Reference. Retrieved April 27, 2025, from

 

Peltier, T. R. (2013). 
Information security fundamentals (2nd ed.). Auerbach Publications.

less

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

database

2. Final Assignment – equivalent to 4,000 words The final module mark is based on two deliverables focused on the CarNow case study described below. – 50% of the final mark a. An advisory report – 50 % of the final mark Includes 5% (of the module grade) given for

Computer

Documentation Tabula Insurance Agency ENTER AND UPDATE COMPANY DATA Author: Ashanti Joyner Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new copy of the file from the SAM website. Personnel Tabula Insurance Agency Personnel: April 4-10, 2024 Employee Name Salary

Computer class

All information is below Toronto converted a declining part of the city into a vibrant neighborhood using the smart city 1.0 approach when a local technology company introduced electric shuttle buses to replace private cars and intelligent traffic lights to regulate the flow of pedestrians, bicycles, and vehicles. From Frankl,

Week 15

Read attachments for assignments  Week 14 Feedback Overall Feedback Well done on this assignment You will have to refine your tables and figures for your final submission. Always introduce them to the reader in preceding paragraph, properly create APA table, and cite figures. See Video:   APA Tables and Figures

Prof Double R

  PowerPoint Presentation: Narrative Presentation to the Board of Trustees The Centers for Medicare & Medicaid Services (CMS) has taken on a more visible role in health care. A great deal of change has transpired to improve patient safety and implementation of additional quality metrics. The new health care reform

Week 14

Please read attachments for details  image1.png

Week 13

Read attachments for details  The Finishing Touches – Week 13 Instructions For this week’s assignment you will submit the material discussed in the lesson plan and summarized below: · A refined introduction (Mandatory) · Updated Title Page (Mandatory) · Copyright Page with Declaration (Mandatory) · Dedication Page (Optional) · Acknowledgement

SCMT699

please read attachments for assignment  Feedback from week 10 Please address your design before your next submission.  Its how you are going to go about conducting your research so other can duplicate it. This is a good book on it. Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed

Discussion 2

Follow the attached instructions to complete this work. Using ChatGPT or another generative AI tool, you will request SQL code for a business problem using simple user requirement terms. Then you will plug that into MySQL to reverse engineer an ERD. You and your classmates will discuss misalignments between what

Week 10

Read attachment for details  Week 8 Feedback Overall Feedback Theory is one of the most difficult concept to grasp.  Your study must be based on a theory and align with what you are attempting to explore and what you are trying to answer based on previous gaps in research. Well

hw2

This problem exercises the basic concepts of game playing, using tic-tac-toe as an example.  We define Xn as the number of rows, columns, or diagonals with exactly n X’s and no O’s.  Similarly, On is the number of rows, columns, or diagonals with exactly n O’s.  The utility function assigns

Computer Science Homework 2

Homework 2. Question 1. Decision Tree Classifier [10 Points] Data: The zip file “ hw2.q1.data.zip” contains 3 CSV files: · “ hw2.q1.train.csv” contains 10,000 rows and 26 columns. The first column ‘ y’ is the output variable with 2 classes: 0, 1. The remaining 25 columns contain input features: x_1,

Incident Response

Please follow the PDF WGU Performance Assessment  Please create report attach is the doc file to use  also included are the lab results with screen shots of answer  -Create “Incident Reporting Template” with file attach -Use screenshot evidence document, in .docx format, generated by the virtual lab for guidance and

Week 8

Read attachment for details Theoretical Framework – Week 8 Hide Assignment Information Turnitin™ Turnitin™ enabledThis assignment will be submitted to Turnitin™. Instructions This week you will submit your theoretical framework. The following description for this section of your thesis is from the End of Program Manual (EOP): Theoretical Framework/Approach: The

In Basketball Stars, a player attempts 25 shots in one game.

  In  basketball stars, a player attempts 25 shots in one game. a) If 15 shots are successful, what is the player’s shooting percentage? b) The next game, the player makes 18 out of 30 shots. Compare the two shooting percentages. c) What is the overall shooting percentage across both

problem

Research problems due 9/18 Please follow the instructions carefully for your research problem. Your argument and research input will significantly impact your grade. Ensure that you check for AI-generated content and plagiarism before submitting your paper. AI-generated content should not exceed 10%, and content from external sources should be limited

co task 6

Topic-bitcoin Task 6 Objective: To apply systems thinking principles to analyze a blockchain network and understand its key components, interactions, and dynamics. Assignment Tasks: Select a Blockchain Network: Choose a specific blockchain network or cryptocurrency project to analyze. You can select well-known networks like Bitcoin, Ethereum, or any other blockchain