Select Page

Learning Goal: I’m working on a cyber security question and need an explanation and answer to help me learn.
Assignment Instructions:
Using Word or a Word-compatible word processor, submit the following deliverables. For
written responses, each answer should be 350-400 words (2-3 nice paragraphs/about a page) at
a minimum, well-written, and cover the topic fully. Use a standard 12-point font (Calibri
preferred), double-space, and use 1” margins all around.
If you use information found outside of the text in your answer (this is highly encouraged), cite
your source(s). Make sure to number your answers appropriately. If you are skipping an
answer, number as usual and note “No Answer” or “Question skipped.”
Assignment Overall Scenario:
Assume you are an entry-level security administrator working for Always Fresh. Always Fresh
Foods Inc. is a food distributor with a central headquarters and main warehouse in Colorado, as
well as two regional warehouses in Nevada and Virginia.
The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its
workstations. There are 2 database servers, 4 application servers, 2 web servers, and 25
workstation computers in the headquarters offices and main warehouse. The network uses
workgroups, and users are created locally on each computer. Employees from the regional
warehouses connect to the Colorado network via a virtual private network (VPN) connection.
Due to a recent security breach, Always Fresh wants to increase the overall security of its
network and systems. They have chosen to use a solid multilayered defense to reduce the
likelihood that an attacker will successfully compromise the company’s information security.
Multiple layers of defense throughout the IT infrastructure makes the process of compromising
any protected resource or data more difficult than any single security control. In this way,
Always Fresh protects its business by protecting its information.
Scenario
Changing access controls can have some undesirable effects. Therefore, it is important to
carefully consider changes before making them and provide mechanisms to reverse changes if
they have unexpected consequences.
Always Fresh management has asked you to develop procedures for changing any access
controls.
The purpose of these procedures is to ensure that staff:
• Understand and document the purpose of each access control change request
Know what access controls were in place before any changes• Get an approval of change by management• Understand the scope of the change, both with respect to users, computers, and objects• Have evaluated the expected impact of the change• Know how to evaluate whether the change meets the goals• Understand how to undo any change if necessaryTasksCreate a guide that security personnel will use that includes procedures for implementing anaccess control change.The procedure guide must contain the steps Always Fresh security personnel should take toevaluate and implement an access control change. You can assume any change requests youreceive are approved. Ensure that your procedures include the following:• Status or setting prior to any change• Reason for the change• Change to implement• Scope of the change• Impact of the change• Status or setting after the change• Process to evaluate the change