Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

WK 4 Discussion and Replies

Please see attachment for instructions

 

 
Discussion

 

In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.

Discussion on access control and physical security. These areas found to be one or more points of weakness in audit

1. Discuss some common points of failure with access control and physical security.

2. What are some strategies to mitigate these deficiencies.

Replies

In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2. 


S.R POST 1

Hello everyone,

Access control and physical security are important components of an organization’s overall security but can be points of failure during audits. In terms of access control, common weaknesses include poor password creation and management, where users choose weak or reused passwords, and the lack of multi-factor authentication (MFA) (CQR Company, 2023). Relying on a single layer of authentication without a layered security approach leaves systems vulnerable to compromise. Another significant issue is the existence of overprivileged accounts, where users are granted more access rights than necessary, leading to increased risk if an account is compromised (CQR Company, 2023). Organizations often fail to promptly close accounts for former employees or contractors, leaving active credentials that could be exploited. Inadequate logging and monitoring of access events also pose serious risks, as potential breaches may go unnoticed without proper surveillance (CQR Company, 2023).  

Physical security failures are equally concerning. Unsecured entry points, such as doors and windows without adequate locks or surveillance, are common vulnerabilities (Echelon Protective Services, 2024). Many organizations also lack proper visitor management procedures, failing to require sign-ins or visitor badges, which makes it easier for intruders to blend in. Furthermore, critical areas are often left unmonitored due to the absence of surveillance cameras or alarm systems (Echelon Protective Services, 2024). Another common failure is the unsecured storage of hardware. Laptops, servers, and workstations are sometimes left exposed and accessible to unauthorized users.

 To address these deficiencies, organizations should enforce several key strategies. For access control, implementing multi-factor authentication is essential for all critical systems, along with applying the principle of least privilege to ensure users only have necessary access (CQR Company, 2023). Organizations must enforce strong password policies and automate account deactivation when employees leave (Echelon Protective Services, 2024). Detailed access logs should be monitored using tools like SIEM (Security Information and Event Management) systems to detect suspicious activity.

Regarding physical security, organizations should employ badging systems with photo IDs and require card swipes for entry to sensitive areas. Surveillance cameras should be installed around key entry points and server rooms. (Echelon Protective Services, 2024). A strict visitor policy that includes escorted visits, visitor logs, and temporary badges is also critical. Portable devices should be locked down securely when not in use, and regular physical security audits or penetration tests should be conducted to identify weaknesses (Echelon Protective Services, 2024). Ultimately, beyond technical controls, ongoing security awareness training for all employees is vital, as human error remains a major factor in both access control and physical security failures.

References

CQR Company. (2023, March 9). 
Access control weaknesses. Retrieved from CQR Company:

Echelon Protective Services. (2024). 
What are the weaknesses of physical security? Retrieved from Echelon Protective Services:

less


D.S POST 2

Access control and physical security are methods to protect data and ensure only authorized personnel are granted access to restricted information. As discussed in our text, people use these security measures because they have something of value they intend to protect (Peltier, 2013). Ineffective access control and physical security measures can lead to insider threats, privilege creep, unauthorized system or data access, regulatory non-compliance, operational disruption, data exfiltration, and loss of public trust (CloudEagle, 2024). Security professionals and organizational staff must implement a layered security approach incorporating preventive, detective, and corrective access control types to their information security strategy. Within each control types are physical (locks, security cameras, or guards), administrative (policies, processes, training), or technical/logical (encryption, software security solutions, log-in badges) implementation methods (Peltier, 2013).

Some common strategies to address access control and security issues are to implement multi-factor authentication which requires users to provide two or more verification factors to access target systems, and implement an appropriate access control model to help organize and manage user permissions such as mandatory access control, discretionary access control, role-based access control, or rule-based access control models. Separation of duties, job rotation, and mandatory vacations are some internal controls mechanisms that can also help to prevent fraud and security risks within an organization (Gentles, 2020). Additionally, conducting regular access reviews and audits, ensuring to follow the principle of least privilege, and automating system access management can facilitate enhanced security settings to protect data and deter unauthorized access.

            Organizations should routinely assess system configurations, access controls, and require security-based training to ensure effective protections are applied to the organization. By following these security practices, organizations can mitigate risks and promote a culture of security awareness with employee and customer buy-in.  

 

References

CloudEagle. (n.d.). 
What are the risks of poor access controls? CloudEagle. Retrieved April 27, 2025, from

 

Gentles, A. (2020, October 7). 
Job rotations and vacations as internal controls. First Reference. Retrieved April 27, 2025, from

 

Peltier, T. R. (2013). 
Information security fundamentals (2nd ed.). Auerbach Publications.

less

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

project 3 of 485

Follow the attach instructions to complete the work. Make sure it aligns with the Rubric Project #3: Presentation for Board of Directors Your Task: Padgett-Beale’s Chief Information Security Officer (CISO) has tasked you to continue supporting the Merger & Acquisition team’s efforts to bring Island Banking Services’ security program into

project 2 of 485

Fellow the attach instructions to complete this work. Make sure it aligns with the Rubric Project #2: Cybersecurity Implementation Plan Your Task: The Acquisition of Island Banking Services has moved from the strategy development phase to the integration phase. In this phase, the M&A team will develop transition and implementation

PROJECT 1 of 485

Fellow the attach instructions to complete this work. Make sure it aligns with the rubric Project #1: Cybersecurity Strategy & Plan of Action Your Task: You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO).

proj3-Final

Project 3: Cloud Portfolio Report  Step 1: Review BallotOnline’s Cloud Services Offerings  You’ve now had a lot of experience working on many aspects of the cloud at BallotOnline, and you will take a look at what you’ve done in the past. In this step, you will write up how you

AWS Simple Monthly Calculator

Discussion: AWS Simple Monthly Calculator Contains unread posts Now that you have discussed BallotOnline’s cloud services offerings, you will discuss the AWS Simple Monthly Calculator. You should cover the following areas: · What are some of the general use cases that are covered? · What are the requirements to use

D 5 0F 485

Follow the attach instructions to complete this work. Assessing Maturity for Cybersecurity Program Before you begin read:  Our class focuses on integrating many different aspects of cybersecurity, information security, and information assurance.  Recent developments in the field of cybersecurity have resulted in a number of “maturity models” which can be

Discussion 4 of 413

Follow the attach instructions to complete the work Data Breach Reporting Policy Review the Red Clay Renovations company profile and the weekly readings. Provide specific information about “the company” in your response. Due to changes in state and federal laws, Red Clay leadership decided the CISO will be the sole

discussion 4 of 485

Follow the attach instructions to complete this work. Cultural Differences as Barriers to Success The Merger & Acquisition team hired a team of external consultants to assist with identification of cultural issues which could result in barriers to the successful acquisition of Island Banking Services by Padgett-Beale. The consultants conducted

project 3 of 413

Follow the attached instructions to complete this work Download the attached detailed assignment description for this project. You should also review the rubric shown below for additional information about the requirements for the project and how your work will be graded. Please make sure that you use both the assignment description file

Project 2 of 413

Follow the attach instructions to complete this work. Make sure it aligns with the rubric Project #2: Manager’s Deskbook Company Background & Operating Environment Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in

Project 1 of 413

Follow the attach instructions to complete this work. Make sure it aligns with rubric Project #1: Employee Handbook Company Background & Operating Environment Red Clay Renovations is an internationally recognized, awarding winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating

Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. 1. Discuss some of the common issues with implementation of security policy. 2. What are some possible mitigations to ensure policy can be enforced. Replies

revision x 10

I need someone to follow all of the instructions that is provided for revision that can be done no later than tomorrow, do not request bid if this price is not enough or if you cannot fulfill the requirements this is a time sensitive manner I cannot wait 3-4 days

Python

 Throughout this course, you have been exposed to programming techniques in several scripting languages. In your opinion, which scripting language is most useful for performing system administration tasks. Why? 

Computer Science Assignment

Intro to Data Mining –  Intro to Data Mining (ITS-632-A03) Chapters covered till noe upto chapter 4 For the midterm, select one key concept that we’ve learned in the course to date and answer the following: 1. Define the concept. 2. Note its importance to data science. 3. Discuss corresponding

Bibliography References

Please see the attach instructions to create a bibliography from the references in the attachment. 10 Directions You must used the below outline and 10 references to complete the bibliography assignment. Use the 10 references from the outline paper below to review, and create a short abstract on how you

D 3 85

Follow the attach instructions to complete this work. You will start by writing a short paper as described in the discussion question. You will be using information from this week’s readings and from your own research to address the information needs expressed in the question.  1. Create an MS Word

D 3 413

Follow the attach instructions to complete this work. Policy Mandates: US vs European Approaches to Privacy Laws In addition to the week 3 course readings, read:  Key issues  and  ( General Data Protection Regulation (GDPR) ) Prepare a two-page briefing paper (5 to 7 paragraphs) that provides background information about