Richman Investments’ policy on remote access control:
At Richman Investments, authorization for computer and network resources can be obtained through either a group membership policy or an authority-level policy. With a group membership policy, the administrator can assign different privileges to various groups and then add individual users to these groups. This ensures that user permissions are determined by their group affiliation. On the other hand, an authority-level policy involves the administrator granting different permissions to individual users based on their position and level of authority within the company, considering the access needed for their specific role.
Richman Investments needs a unique identifier for each user in order to keep accurate records of application access, attempted access, network resource usage, and data retrieval. Common methods of identification include usernames, account numbers, or PINs.
Securing remote access to Richman Investments requires authentication, which confirms that the person attempting to access the network remotely is the same person who has been authorized. To achieve this, Richman Investments (RI) can combine one type of knowledge authentication (PIN, password, or passphrase) with one type of ownership authentication (smart card, key, badge, or token). Combining ownership authentication and knowledge authentication enhances overall security.
Richman Investments must ensure users are held accountable for their actions on the system by using log files to detect, prevent, or monitor system access. Additionally, RI must prioritize data security in compliance with various privacy laws. This entails managing data retention, storage methods, proper disposal of media, and adherence to compliance requirements.