Question Description
I’m working on an information technology writing question and need the explanation and answer to help me learn.
You are the Chief Information Security Officer (CISO) at a high-profile technology company that handles sensitive HIPAA (healthcare) and other Personally Identifiable Information for local governments. Before you came in, the information security policies and procedures had become very relaxed and were not enforced at all. As part of your new role, you’ve been asked to come up with new policies and procedures for authentication and access control to prevent information leakage.
Write a document highlighting the policies and procedures you’d like to implement in the company. You can also propose the purchase of new equipment or software for employees, if it supports one of the updated policies and procedures (e.g. hardware tokens, password managers, etc.). Along with each policy and procedure, write a summary of what the policy will do to prevent unauthorized users from authenticating on the systems, and how it balances the desire of employees to have a simple system while maintaining important security policies.
Please consider both the Authentication methods and Access Control policies from each user’s computer system.