
Week 1 Discussion

The document discusses two fundamental security design principles for a healthcare company: applying the principle of least privilege when granting access to resources, and enabling multifactor authentication for employees. Applying least privilege limits employees to only the resources necessary to do their jobs. Multifactor authentication requires logging in with both a password and secondary verification. Following these principles enhances security by reducing risks of cyber attacks and misuse of resources.

Uploaded by

Srinivas Aditya
Copyright: © All Rights Reserved

Fundamental Security Design Principles.

I work in a health care company, and for us security is the most important factor when it
comes to protecting the data of an employee or an external client. There are several criteria
that we need to consider when designing a solid security principle. Some of them can be seen
below.

1. Applying Principle of Least Privilege: When it comes to creating a new account or
granting access to an employee in a particular project, we always apply the principle of
least privilege. It means the resource will be granted access to view and access only the
least number of resources. If they want to access a specific resource, a request must be
made, through which the employee can be granted the privilege to access that particular
resource within the given time frame (Edge, I. 2010). That way, security can be
enhanced and there won’t be any misuse of resources.
2. Enabling MFA: Enabling multifactor authentication for the employees helps the
team members ensure they are logging in by two separate authorizations. One is by
using a normal username and password; the other is by verifying/validating the
security credentials by sending an external code to the user’s email or mobile and asking
them to authorize it. In our company, we use CyberArk and RSA security token for
logging into the cloud environments, in addition to the secure VPN connection that the
employees use to connect to the network of the company.

Using these two design principles enhances the security of the employee and the
organization by eliminating any risks of cyber security or DDoS attacks.

Reference: Edge, I. (2010). Employ Five Fundamental Principles to Produce a SOLID, Secure
Network. Information Security Journal: A Global Perspective, 19(3), 153–159.
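
The request-based, time-boxed access described in item 1 can be sketched as a default-deny check. This is an added example, not part of the original post or of any product it names. The `AccessBroker` class, the 8-hour policy ceiling, and the user and resource names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    action: str
    not_before: datetime
    expires_at: datetime

class AccessBroker:
    """Default-deny: access exists only while an approved grant is inside its window."""
    MAX_WINDOW = timedelta(hours=8)  # assumed policy ceiling for a single request

    def __init__(self):
        self._grants = []
        self.audit = []  # every approval and decision is recorded for later review

    def approve(self, user, resource, action, start, duration):
        # Reject empty or over-long windows so a request cannot become standing access.
        if duration <= timedelta(0) or duration > self.MAX_WINDOW:
            raise ValueError("requested window is outside policy")
        grant = Grant(user, resource, action, start, start + duration)
        self._grants.append(grant)
        self.audit.append(("approve", user, resource, action, start))
        return grant

    def is_allowed(self, user, resource, action, now):
        # Exact match on user, resource and action; the expiry instant is excluded.
        ok = any(g.user == user and g.resource == resource and g.action == action
                 and g.not_before <= now < g.expires_at for g in self._grants)
        self.audit.append(("allow" if ok else "deny", user, resource, action, now))
        return ok

    def purge_expired(self, now):
        # Remove lapsed grants and report how many were dropped.
        before = len(self._grants)
        self._grants = [g for g in self._grants if g.expires_at > now]
        return before - len(self._grants)

def demo():
    t0 = datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc)  # constructed sample time
    broker = AccessBroker()
    broker.approve("asmith", "claims-db", "read", t0, timedelta(hours=2))
    half_hour = t0 + timedelta(minutes=30)
    return [
        broker.is_allowed("asmith", "claims-db", "read", half_hour),   # inside window
        broker.is_allowed("asmith", "claims-db", "write", half_hour),  # action not granted
        broker.is_allowed("asmith", "claims-db", "read", t0 + timedelta(hours=2)),  # expired
        broker.is_allowed("bjones", "claims-db", "read", half_hour),   # no grant at all
    ]

if __name__ == "__main__":
    print(demo())
```
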
