Comparing Network Policies: Privileged User Agreement vs. Data Access Agreement - Research Paper

Introduction

Numerous organizational network policies govern the activities of the employees on a network, as well as protecting digital data of the organization from internal and external malicious intents. The network policies and practices that companies approach vary depending on the company. The following is an in-depth comparative analysis of the network policies.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Privileged User Agreement

The privileged user agreement is the network policy that allows a person, either client, employee or visitor, to perform actions that have effects on either the computing systems and programs, network communication, as well as administrative accounts. Such a user has access to other user's information and data and can efficiently process the files. System and network administrators, as well as computing account employees, are a group of people in an organization that generally have privileged user agreements. Privileged Access Management (PAM) is essential in an organization as it aids tracking of the activities of people in the accounts, monitoring changes in the password as well as the frequency with which the people access the accounts [4]. The monitoring aspect is critically essential as it helps in accountability and responsibility. However, privileged user agreement may hinder operations in an organization in case the responsible personnel is absent.

Password Policy

The password policy outlines the measures that organizations take to protect access to data, information, network and systems of the company. Unlike the PAM which is available to a specific group of people in the company, the password policy may dictate that every employee has different passwords [5]. The password policy only locks out unauthorized access but cannot specify the point where the authorization passwords have been applied. Some of the organizational policies on the use of passwords include the strength of the password, protecting the passwords and adhering to the administrative password policy practices. The strength of the password policy relies on the confidentiality of the password to unauthorized personnel. For best practices in password protection, the minimum and maximum remembrance periods are three days and 90 days, respectively [4]. The passwords should be a combination of alphanumeric with both caps and lower-key letters.

On-Boarding and Off-Boarding Procedures

On-boarding and off-boarding are critical elements in an organization that operates under both on-site and off-site employee programs. It ensures that the company is in control of corporate data. On-boarding training involves the recruitment of a team of employees into the organization through training and signing legal agreements. The primary aim of onboarding is to ensure that cases of breach of contract in terms of cybercrimes. On-boarding offers an opportunity for the organization to determine the group of employers that needs monitoring. The group includes the privileged users. Off-boarding, on the other hand, aims at protecting organizational data that employees might have accumulated during their engagement with the company. On-boarding and off-boarding relate to the password policy and privileged user agreement in that it grants and withdraw access to the organizational data.

Licensing Restrictions

Licensing restrictions are the protection mechanisms that in most cases, involve the security of digital files such as computer programs. Organizations that develop computer programs use licensing restrictions to prevent the possibilities of the employees selling copyrighted programs. One of the methods of licensing restrictions is the use of license files. Such files are bound to specific networks or host ID. However, the license server can allow the programs to be available on any computer sharing the same host ID. Licensing restrictions rely on user limit for the organization's servers. Unlike the password policy that protects access to the network, server, or files in a computer, the licensing restrictions protect copyright as well as access to specific program utilities. Password policy is, at times, applicable in the licensing restrictions. In addition to that, on-boarding and off-boarding are vital means through which organizations enforce the licensing limitations.

International Export Controls

The international export controls primarily focus on the security of data and digital information by ensuring the hardware components. Unlike the password policy that focuses on the security of data within the device, the international export controls ensure that the computing devices and software programs adhere to international consumer standards. The primary role of international export control is to promote compliance cultures amongst producers.

Data Loss Prevention

Data loss prevention refers to the mechanisms and technological approaches that organizations implement to ensure that sensitive information and data are secure. Data loss prevention technology and software prevent external and internal breaches and filtration in the communication networks that would result in organizations losing critical information. Data loss prevention reinforces mechanisms such as licensing restrictions, password policy and PAM in safeguarding essential information. Thus, in addition to password policies, an organization can use data protection to shield emails, software, and applications and unauthorized data transfer via a network.

Remote Access Policies

The remote access policies outline the regulations about the access to internal organizational networks from any location. These policies stipulate the right approach towards accessing the organization's files, programs, data and system. Obtaining this information remotely has a significant effect on the security of the materials [3]. Remote access is the most sensitive part of data access. Therefore, organizations apply similar measures as those of privileged user agreement when granting remote access to employees or clients. Remote access and password policies complement each other for digital security in the company. Remote access is essential for large companies operating in different geographical locations. It allows internal cooperation in a company.

Incident Response Policies

The incident response policy aims at providing mitigation solutions in case information security breaches occur in the organization. Companies have different ways of providing rapid response to information and data breaches. These policies come in play when the password policies or remote access policies fail to lead to malicious attacks. Thus, incidence response acts as a fail-safe mechanism for password policies, remote access, and data loss prevention, among others.

BYOD

BYOD is a technological abbreviation for "Bring Your Own Device". It is an organizational policy that requires clients or employees in some cases to carry personal devices when they intend to access the organization's network. Companies prefer their smartphones, computers, laptops, and other devices so that they can regulate the client's activity when accessing a secure organization's network. Just like the password, remote access, and data loss prevention policies, BYOD protects the organization from malware attacks and unauthorized share of data. However, they are less effective compared to privileged user access and password policies.

AUP

The AUP or Accepted User Policy outlines the regulatory environment governing the use of a website, network or internet service. There are numerous similarities between AUP and the licensing agreements. Companies use AUP to regulate activities on their networks and traffic on the websites. The primary aim of AUP is to protect the site or network from malicious attacks resulting from excess traffic. Just like data loss prevention, AUP protects intellectual rights and prevent malware and virus attacks. However, AUP does not act as a password policy [1].

NDA

The NDA or Non-Disclosure Agreement refers to the document that legalizes agreements or contracts between parties. The NDA ensures that each of the parties agrees never to share the details of any deal that would affect the other party. NDA operates on the same grounds as the on-boarding and off-boarding. Unlike password policies, they do not protect an organization from external malicious intents. They only protect an organization's intellectual contents within the boundaries of the two parties. They are efficient when dealing with pertinent or copyrighted programs, data, or files [2].

System Life Cycle (Asset Disposal)

The system life cycle refers to the useful life of a component especially a computer hardware system in the realm of technology. It refers to the period through which a part serves its intended use purpose before ultimate disposal. The system life cycle close relates to the international export controls which govern the quality of the exported computer hardware. The system life cycle is not an actual security policy but serves as a vital part of technological success. It determines the tendency of a component to withstand malicious intents.

Safety Procedures and Policies

The safety policies entail all the measures that organizations put in place to protect the company from data breaches, malware attack and unauthorized data access. There are various forms of safety protocols in an organization. Some of the common types of safety procedures include privileged access, password policies, NDA, BYOD, AUP, among others. All these policies and procedures ensure that the organization's network, data, and information are safe from both internal and external attacks [3].

References

[1] Christensson, Per. "AUP Definition." TechTerms. Sharpened Productions, 16 January 2014. Web. 25 March 2020. https://techterms.com/definition/aup. [Accessed March 25, 2020]

[2] Dupont, Eric P., Seshakrishnan Srinivasan, and Frank D. Andrus. "Network access control system and method for devices connecting to the network using remote access control methods." U.S. Patent No. 9,369,299. 14 Jun. 2016.

[3] Maurino, Daniel E., et al. "Beyond aviation human factors: Safety in high technology systems." Routledge, 2017.

[4] Wazid, Mohammad, et al. "A novel authentication and key agreement scheme for implantable medical devices deployment." IEEE Journal of biomedical and health informatics 22.4 (2017): 1299-1309.

[5] Yang, Shukun, Shouling Ji, and Raheem Beyah. "DPPG: A Dynamic Password Policy Generation System." IEEE Transactions on Information Forensics and Security 13.3 (2017): 545-558.