1. Access Control
All aspects of a business are vital, though some have more impact on the bottom line. Permissions and access control are given based on what users need and not on what they want. This is called the policy of least privilege.
. Mistakes happen, even when creating users. In your opinion, if a user is given more access than they need and use it to traverse to sections of the network that are not part of their job responsibilities, who is liable if trade information is stolen? Justify your answer. Outline the steps you would take to ensure proper access control is being maintained and users have the correct rights. Using the Internet, look for an article on a recent breach in access control. Summarize the article, the event, and the issue that created the breach. What steps would you have taken in a similar situation?
. How often should access controls be audited?
Federal and State laws act as a deterrent to information theft but also make it necessary for businesses to protect sensitive data. There are penalties for stealing information, as well as penalties for failing to protect it.
. Describe the Computer Fraud and Abuse Act and how it influenced businesses. Next, using the Internet, search for your State’s laws that are designed to protect sensitive data. Share the details of the law, as well as how it is enforced in the event of noncompliance. Compare the Federal Law with your state law and decide if more legislation is required. Be sure to justify your answer.
. In your opinion, do we have sufficient laws concerning data theft at the Federal level?