Posted: February 27th, 2022

Security Awareness Brochure

Security Awareness Brochure

Definition of terms
Authentication, Authorization, and Access control (AAA), are important components of cybersecurity. In the analysis of systems and designs, Authentication and Authorization are the main security components that assist to enhance the system’s security. Basically, authentication refers to the initial line of defense in a system’s accessibility because it is a process that focuses on establishing whether certain entities have been given the rights to access the resources of a system. In doing so, authentication thus serves to assure the confidentiality and integrity of the system, which in turn builds the confidence of the user as their security and data confidentiality is guaranteed.
Authorization denotes to a security mechanism that is utilized to establish user/client privileges or levels of access associated with system resources, encompassing computer programs, services, data, files and features of application. Authentication normally precedes authorization in the verification of user identity. System administrators are normally given levels of permission covering all user and system resources. Therefore, authorization serves to allow user request as per the set regulation mechanisms; this may encompass the Access Control List (ACL) that specifies the duties of the user in the system.
Access control refers to the security technique that is used to control who or what can view or utilize resources in a computing environment. In this regard, it is a basic concept that minimizes security risk in an organization. There are three types of access control- the discretionary access control (DAC), in which administrators of the safeguarded system, resource or data set the policies that define who or what is authorized to access the resource; the mandatory access control (MAC), in which rights of access are controlled by a central authority based on many security levels; and role-based access control (RBAC) that limits access to computer resources based on groups or individuals with described business functions.
Policies and procedures necessary to implement the recommendations
• There is the need to develop a security policy. The security policy should provide clear rules and guidelines with regards to the technical and non-technical strategies that the employees are required to adhere to.
• Privacy policy: this is a policy that requires the employees to keep the information of customers (i.e. personally identifiable information, customer information, and personal health information) confidential and not release it to third parties.
• Strong passwords: Employees are required to use strong passwords that incorporate capital letters, small letters, numbers and several characters. Notably, data is protected through a 2-factor authentication, and therefore, employees will need to use a password and a personal identification number to access company data.
• Incident report procedures: this outlines the various steps the personnel in the company need to take in the event of an incident. This is aimed at mitigating the damages to customers and business operations.
• Acceptable User policy: this outlines the restrictions and practices that the employees utilizing organizational IT assets must agree so as to gain access to the corporate network or the internet
• Procedures for protecting data: this highlights the various processes employees should follow when transacting and purchasing items online. The processes also provide guidelines on how to conduct customer requests, payments and online enquiries safely on the web

Order | Check Discount