The case study company has provided you with the flexibility to identify many different information systems that
are used by the employees. Some systems need strict access control while others should be available to
everyone. What access-control methods need to be employed for the various systems? How can the company
protect the new consultant network while at the same time providing the protection of data that the
stakeholders and customers require?
In addition, you have been asked to describe 2 access control mechanisms and consider if they can be used in
the organization. Describe single sign-on (SSO) and virtual private network (VPN) technology and if they can
be used in the company.
Complete the following section for Week 3:
Week 3: Access Controls and Security Mechanisms
For each of the applications and systems that were described in IP 2, describe the access control mechanisms
that are needed for each.
Describe how the new expanded network can be protected through access control.
Describe SSO and VPN technology, and discuss whether they can be used in the company.
Name the document “CS651_FirstnameLastname_IP3.doc.”
Worked Example
Please refer to the following worked example of this assignment based on the problem-based learning (PBL)
scenario. The worked example is not intended to be a complete example of the assignment, but it will illustrate
the basic concepts that are required for completion of the assignment, and it can be used as a general
guideline for your own project. Your assignment submission should be more detailed and specific, and it should
reflect your own approach to the assignment rather than just following the same outline.
Access Controls and Security Mechanisms (Week 3)
The focus of this section is to examine the access control model of the previously identified applications.
A potential review of the existing system could take place, but a proposed final solution needs to take
place for each application. A proposed solution for the new Wi-Fi network is also given.
Access Controls of Existing Applications
The application list from Week 2 with needed access controls (examples):
System Proposed Access Control
Identification/Authentication Authorization
ERP Single sign-on technology (SSO) Role-based access control
Desktop Active Directory Role-based access control
Access Controls to the Wi-Fi Network
A detailed description of how access controls should be implemented is provided. An example of a
network segregation diagram (not required but could be implemented) is as follows
Sample Solution
