Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

WK 4 Discussion and Replies

Please see attachment for instructions

 

 
Discussion

 

In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.

Discussion on access control and physical security. These areas found to be one or more points of weakness in audit

1. Discuss some common points of failure with access control and physical security.

2. What are some strategies to mitigate these deficiencies.

Replies

In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2. 


S.R POST 1

Hello everyone,

Access control and physical security are important components of an organization’s overall security but can be points of failure during audits. In terms of access control, common weaknesses include poor password creation and management, where users choose weak or reused passwords, and the lack of multi-factor authentication (MFA) (CQR Company, 2023). Relying on a single layer of authentication without a layered security approach leaves systems vulnerable to compromise. Another significant issue is the existence of overprivileged accounts, where users are granted more access rights than necessary, leading to increased risk if an account is compromised (CQR Company, 2023). Organizations often fail to promptly close accounts for former employees or contractors, leaving active credentials that could be exploited. Inadequate logging and monitoring of access events also pose serious risks, as potential breaches may go unnoticed without proper surveillance (CQR Company, 2023).  

Physical security failures are equally concerning. Unsecured entry points, such as doors and windows without adequate locks or surveillance, are common vulnerabilities (Echelon Protective Services, 2024). Many organizations also lack proper visitor management procedures, failing to require sign-ins or visitor badges, which makes it easier for intruders to blend in. Furthermore, critical areas are often left unmonitored due to the absence of surveillance cameras or alarm systems (Echelon Protective Services, 2024). Another common failure is the unsecured storage of hardware. Laptops, servers, and workstations are sometimes left exposed and accessible to unauthorized users.

 To address these deficiencies, organizations should enforce several key strategies. For access control, implementing multi-factor authentication is essential for all critical systems, along with applying the principle of least privilege to ensure users only have necessary access (CQR Company, 2023). Organizations must enforce strong password policies and automate account deactivation when employees leave (Echelon Protective Services, 2024). Detailed access logs should be monitored using tools like SIEM (Security Information and Event Management) systems to detect suspicious activity.

Regarding physical security, organizations should employ badging systems with photo IDs and require card swipes for entry to sensitive areas. Surveillance cameras should be installed around key entry points and server rooms. (Echelon Protective Services, 2024). A strict visitor policy that includes escorted visits, visitor logs, and temporary badges is also critical. Portable devices should be locked down securely when not in use, and regular physical security audits or penetration tests should be conducted to identify weaknesses (Echelon Protective Services, 2024). Ultimately, beyond technical controls, ongoing security awareness training for all employees is vital, as human error remains a major factor in both access control and physical security failures.

References

CQR Company. (2023, March 9). 
Access control weaknesses. Retrieved from CQR Company:

Echelon Protective Services. (2024). 
What are the weaknesses of physical security? Retrieved from Echelon Protective Services:

less


D.S POST 2

Access control and physical security are methods to protect data and ensure only authorized personnel are granted access to restricted information. As discussed in our text, people use these security measures because they have something of value they intend to protect (Peltier, 2013). Ineffective access control and physical security measures can lead to insider threats, privilege creep, unauthorized system or data access, regulatory non-compliance, operational disruption, data exfiltration, and loss of public trust (CloudEagle, 2024). Security professionals and organizational staff must implement a layered security approach incorporating preventive, detective, and corrective access control types to their information security strategy. Within each control types are physical (locks, security cameras, or guards), administrative (policies, processes, training), or technical/logical (encryption, software security solutions, log-in badges) implementation methods (Peltier, 2013).

Some common strategies to address access control and security issues are to implement multi-factor authentication which requires users to provide two or more verification factors to access target systems, and implement an appropriate access control model to help organize and manage user permissions such as mandatory access control, discretionary access control, role-based access control, or rule-based access control models. Separation of duties, job rotation, and mandatory vacations are some internal controls mechanisms that can also help to prevent fraud and security risks within an organization (Gentles, 2020). Additionally, conducting regular access reviews and audits, ensuring to follow the principle of least privilege, and automating system access management can facilitate enhanced security settings to protect data and deter unauthorized access.

            Organizations should routinely assess system configurations, access controls, and require security-based training to ensure effective protections are applied to the organization. By following these security practices, organizations can mitigate risks and promote a culture of security awareness with employee and customer buy-in.  

 

References

CloudEagle. (n.d.). 
What are the risks of poor access controls? CloudEagle. Retrieved April 27, 2025, from

 

Gentles, A. (2020, October 7). 
Job rotations and vacations as internal controls. First Reference. Retrieved April 27, 2025, from

 

Peltier, T. R. (2013). 
Information security fundamentals (2nd ed.). Auerbach Publications.

less

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Asign 2 of CG

Follow the attached instructions to complete this work. Guidance to follow I encourage you to build your project format following the requirements established in each project’s final step. I am going to give you the key to success. I am a fan of headings/subheadings in the final project that directly

Assign 2 of CG

Follow the attach information to complete this work. Make sure it aligns with the Rubric. Unit 2 Assignment Directions: Risk-Assessment Strategy Purpose In this assignment, you will detail the risk-assessment plan and strategy for your organization that you described in your discussion post. You have demonstrated that you understand their

How to Bulk Open MBOX File Windows and Mac?

The best way to bulk open MBOX file Windows and Mac without using any email client is through an expert solution such as BitRecover MBOX Viewer. It runs on both OS and is completely free of cost. The best thing is it is easy to use, has multiple selection modes,

Data unit 2 assign

Follow the attach instructions to complete this work State State Bird State Motto Year of Admission Alaska Willow ptarmigan North to the Future 1959 Texas Northern mockingbird Friendship 1845 California California quail Eureka 1850 Montana Western meadowlark Oro y Plata 1889 New Mexico Greater roadrunner Crescit Eundo 1912 Arizona Cactus

Finding …. Theme

Follow the attached instructions to complete this work. Unit 2 Assignment: Finding themes using a Page 1 dashboard Milligan Chapters 7, 8, and 11 Unit 2 Assignment: Finding themes using a dashboard Milligan Chapters 7, 8, and 11 In this assignment, you will learn how to combine individual visualizations to

Data V of D3

Follow the attach instructions to complete this work Deconstruction of an Advanced Dashboard: Trends and Improvements   Discussion Prompts · Does the dashboard designer use any of the trends that are described in Milligan’s Chapter 9? · If they did use those trends, state which one(s), and describe what they

DV D2

Follow the attached instructions to complete this work also find the previous work attach to it.  Deconstructions of an Advanced Dashboard: Dashboard Approach and Storytelling   Task There is a discussion you will need to participate in this unit. Select the button that follows to access the discussion thread.  You

CG 5

Follow the attached instructions to complete this work. In Unit 1, you analyzed the NIST 2.0 Framework and then compared it to the administration’s approach to cybersecurity. In Unit 2, you will look more specifically at what it means to establish a risk-assessment approach for an organization and how that

Computer Science Digital Image Analysis Assignment

Can anyone create me any one from the assignment doc 1. Real-Time Image Super-Resolution for Video Streams · Description: Develop a system to enhance the resolution of low-quality video streams in real-time using Super-Resolution GANs (SRGAN) or ESRGAN. · Challenge: Ensure temporal consistency across frames, avoid artifacts, and maintain real-time

D1 of data

Follow the attached instructions to complete this work in an hour. Unit 1 Discussion: Deconstruction of an Advanced Dashboard: Identification of Purpose and Visualizations   Task 1. Go to  Viz of the Day 2. This website is hosted by Tableau Public, and new visualizations are posted daily. 3. Select one

D1 of Cg

Follow the attached instruction to complete this discussion Directions 1. Initial post: Respecting user privacy and ensuring data integrity are important ethical requirements of a CISO. They are requirements reflected in the internal governance approach to writing policies on how to manage access and control over data. You may add

Cyber 1

Follow the attach instructions to complete this work. Make sure it Aligns with Rubric. Unit 1 Assignment Directions: Administration Approach to Cybersecurity Purpose Write a 5-page paper analyzing 2023’s  National Cybersecurity Strategy Implementation Plan (NCSIP), which supports the NCS 2023, the Biden Administration’s approach to cybersecurity. Keep in mind that NIST

How to Convert OST files to PST?

Convert OST to PST using Shoviv OST to PST Converter (in steps): · Install and open OST to PST Converter tool · Add OST files you want to convert · Choose PST as the saving format · Select destination folder · Click Export to start conversion The tool converts OST

GainTools MBOX to PST Converter

GainTools MBOX to PST Converter is a powerful and easy-to-use program that can change MBOX files into PST files with 100% accuracy. It can convert several MBOX files at once, keeps the layout and attachments of the emails, and works with all major MBOX email clients. This makes it quick,

windowslivemailconverter

 <!–td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}–> The best choice for the users is eSoftTools Windows Live Mail Converter software. It allows the users to convert their Live Mail profile emails into multiple formats as well as export Windows Live Mail emails to 8+ conversion and different cloud mail apps. It

Final CIS Project

 Scenario: A robot is sitting in a chair with its arms facing down. Write an algorithm, using pseudocode, to make the robot: 

What features define a successful AI Chatbot Development Company?

A successful AI Chatbot Development Company is defined by its ability to deliver intelligent, scalable, and user-friendly chatbot solutions powered by advanced AI and NLP. Key features include seamless integration, contextual conversation handling, real-time analytics, and enterprise-grade security—essential for enhancing customer support, boosting engagement, and automating workflows across diverse business

Instructions listed below

It’s an online assignment, I’ll give you the login and the names of the assignments, and you complete them.