Allowing users and computers unlimited access to system resources and network resources can ultimately compromise the security and stability of an organization. Even though users and computers need to access network and system resources to perform certain tasks, the access that they require should be limited to those necessary to perform these tasks.
Because managing security groups and security settings needs careful planning, you need to create an access control plan that can help prevent standard security problems from occurring. Standard security problems you want to prevent are:
- Inefficiently protecting network resources
- Assigning users too many rights and permissions, or too few rights and permissions to perform their daily tasks. You should strive to assign users, services, and computers the fewest privileges necessary to perform the tasks they need to.
- Continually making ad hoc security configuration changes to correct security settings.
A good access control plan should include the following components or tasks.
- Security goals: This component of the security plan should identify the resources and processes that you want to control access to.
- Security risks: You should identify the organization's security vulnerabilities and loopholes. The following elements should be included when analyzing security risks:
- Physical data loss
- Data corruption
- Unauthorized data access and data modification
- Incorrectly configured permissions that could lead to security breaches.
- Security strategies: This component should outline general security strategies that deal with all possible threats identified as security risks.
- Security group descriptions: You should identify the permissions that you want to apply to different users, user groups, and resources. From this information, you should define security groups so that you can implement permissions effectively.
- Security policy: Determine the configuration settings you want to implement for the Security Settings of Group Policy if you are using Active Directory.
- Information security strategies: This component should detail the manner in which you plan to implement information security solutions like Encrypting File System (EFS), if applicable for your environment.
- Administrative policies: This component involves detailing those policies for delegating administrative tasks, and should also include all your auditing practices.
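The security group descriptions above define which groups should hold which permissions on a resource; the ad hoc changes the plan is meant to prevent show up as drift from that mapping. The following PowerShell check is an added example, not part of the original article: it compares a folder's explicit ACL against a planned group-to-permission mapping and reports excessive, unplanned, drifted, or missing entries. The share path, group names, and rights in $Plan are constructed placeholders.

```powershell
# Planned mapping of security groups to NTFS rights per protected folder (constructed sample).
$Plan = @{
    'D:\Shares\Finance' = @{
        'CONTOSO\Finance-Modify' = 'Modify'
        'CONTOSO\Finance-Read'   = 'ReadAndExecute'
        'BUILTIN\Administrators' = 'FullControl'
    }
}

# Broad principals that should never hold Modify or FullControl on a protected share.
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users',
                     'BUILTIN\Users', 'CONTOSO\Domain Users')

function Test-AclAgainstPlan {
    param([string]$Path, [hashtable]$Expected)

    $acl = Get-Acl -Path $Path
    $findings = @()

    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }                   # only explicit ACEs set on this folder
        if ($ace.AccessControlType -ne 'Allow') { continue } # deny ACEs are reviewed separately
        $id     = $ace.IdentityReference.Value
        $rights = $ace.FileSystemRights.ToString()           # e.g. "Modify, Synchronize"

        if ($BroadPrincipals -contains $id -and $rights -match 'Modify|FullControl') {
            $findings += "EXCESSIVE: $id has $rights"
        }
        elseif (-not $Expected.ContainsKey($id)) {
            # Direct user ACEs or unknown groups bypass the group-based permission model.
            $findings += "UNPLANNED: $id has $rights (not a planned security group)"
        }
        elseif ($rights -notmatch $Expected[$id]) {
            $findings += "DRIFT: $id has $rights, plan says $($Expected[$id])"
        }
    }

    # A planned group with no ACE usually means someone worked around it with a direct grant.
    foreach ($group in $Expected.Keys) {
        if (-not ($acl.Access | Where-Object { $_.IdentityReference.Value -eq $group })) {
            $findings += "MISSING: planned group $group has no ACE"
        }
    }
    return $findings
}

foreach ($path in $Plan.Keys) {
    "== $path"
    Test-AclAgainstPlan -Path $path -Expected $Plan[$path]
}
```

Run it from a scheduled task or a configuration baseline job so that deviations from the plan are reported rather than silently accumulating.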