Question 1
For the pharmaceutical company in HW-3, you were tasked with developing an access control policy for the company. Currently, you are performing an as-is analysis and assessing current security practices. You’ve found three critical problems with current practices. These are:
1) The accounts of the former employees are not always removed after the termination of the employment.
2) The database server is in the same network as the computer workstations.
3) Server administrators use the same “Administrator” account.
Download NIST Special Publication 800-53 from this URL:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
NIST SP 800-53 is titled Security and Privacy Controls for Federal Information Systems and Organizations.
This publication helps federal agencies and contractors meet the requirements set by the Federal Information Security Management Act (FISMA). Review the document to familiarize yourself with its contents.
Go to TABLE D-3: SUMMARY — ACCESS CONTROL, which is in Appendix D of the document. Fill out the following table.
Security Problem in Pharmaceutical Company | Control No and Control Name in SP 800-53
Question 2
Although your company is not a federal organization, explain how NIST SP 800-53 can help your organization increase its security maturity, as if you were explaining it to your CEO or another important non-technical person.
Question 3 – Weekly Learning and Reflection
In two to three paragraphs of prose (i.e., sentences, not bullet lists) using APA style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you’re still confused about or ask a question about the content or the field. In other