SlideShare uma empresa Scribd logo

Security Access Control Requirements Gathering Pack

Transferir como PPTX, PDF
A
Amy Slater

This is a pack that I create to gather business requirements for a new Security Access Control system. It inlcudes basic questions that you should ask when completing an initial scoping exercise.

Tecnologia
1 de 21
Access Control Requirements Gathering Session 1
• The business requirements will form the basis of future projects and will determine the eventual scope. • If a ‘need’ is not raised as a requirement, the project will not know that the system must perform an action- therefore it will not be included within the scope of the project or included within the end solution. • The requirements will be base-lined at the end of the Initiate Phase. Any requirements submitted after this date will not be accepted without a change request and associated funding (where applicable). • The identified business stakeholders are responsible for ensuring that all requirements are raised during the Initiate Requirements gathering process. The Importance of Requirement Gathering
• Review each area of Access Control functionality. • Prepare a set of draft Access Control BUSINESS requirements for each of the functional areas. • Agree a priority for each draft requirement. • Agree next steps, actions and areas for further investigation. Workshop 1 Objectives
Defining the Threat- Review
• What threats are present? • What are the drivers for an access control system? i.e. controlling visitor numbers, protecting people, protecting assets, anti-tailgating, anti-pass back, etc? • Who and what are we trying to protect? Defining the Nature of the Threat- Discussion
Areas of Concern
• What general areas need to be controlled?- areas, rooms, locations etc? • What exceptions exist?- i.e. Fire Exits etc? • What areas require enhanced access control?- i.e. Equipment Rooms, Data Centres etc • Why do these areas need to be controlled? What is the related threat? • What is the level of risk associated with these areas? • What is the function of installing control in these areas? Areas of Concern (General)- Discussion
• What vulnerable points exist for each area to be controlled?- doors, windows, air conditioning shafts, conduits etc • What points should have access control? • Should access be controlled on a location by location basis or should access be controlled to area ‘types’? Areas of Concern (Specific)- Discussion
Health & Safety
• Are there any legal requirements? Health & Safety or Disability & Discrimination Act? • How should access control act in case of an emergency?- i.e. release on emergency? • What is the definition of an emergency? • What fire officer requirements exist? • What provisions should be granted to the blue light services? • What are the requirements for disabled access? • When will the access system be operation? 247/ 365 or night time only? Health & Safety- Discussion
Type of Access Control
• Should the system be automatic or manned? • What types of barriers should be used for each of the areas in scope?- door locks, arm barriers, vehicle block devices etc? • What types of additional barriers should be used for the priority locations?- electronic keys, finger print scanning? • What type of verification measures should be used? Electronic key card, IRIS scan, Finger print recognition, ID codes, keys etc. • What should the user do when access is denied? Should an intercom system be present? Types of Access Control- Discussion
• How often will the access control be used in each of the areas? • What level of security should be in place? • If the power drops what should happen? • Anti-Tamper mechanisms? Technical Details Discussion
Operational Considerations
• How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors etc? • What information will be captured against each person granted access? Name, address, role, date given, expiry date etc? • What period should access be granted for? • What types of protected access should be provided? • How will deliveries be controlled? • Where will data entry and monitoring of alarm activity take place? • How will data for entry or modification be gathered? • How will security clearance be processed? Operational Issues- Discussion
Integration to Other Systems
• Should there be integration between the Access Control System and other systems? i.e. CCTV system? • What information should pass between the systems? Integration Discussion
Management Information, Reporting & Maintenance
• What information should the system capture? • Successful access- user ID, time, location etc.? • Unsuccessful access- user ID, time, location, number of attempts etc.? • Should information be captured and available to view in real time? i.e. should it be possible to identify where an individual is located at all time? • What reports should be available from the system? • Should the system automatically alert based on event triggers? If so, what events should trigger alerts and how should the system alert? • What should the system do in the event of a breach? – i.e. a door is forced? Management Information & Reporting Discussion
• What should the system do in the event that an access control point fails in the following scenarios: • Access point looses power • Access point fails- i.e. reader not able to read card • Access point operational but input not detected- i.e. an issue with the card. • Access point breached? Support & Maintenance Discussion
Any Questions?

Recomendados

IT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendIT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendVoyage Services Inc.
 
Provide first level remote help desk support
Provide first level remote help desk supportProvide first level remote help desk support
Provide first level remote help desk supportGera Paulos
 
Technical Support Helpdesk
Technical Support HelpdeskTechnical Support Helpdesk
Technical Support HelpdeskGagan Singh
 
Helpdesk Services
Helpdesk ServicesHelpdesk Services
Helpdesk ServicesGss America
 
Agile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesAgile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesOnur Demir
 
business requirements functional and non functional
business requirements functional and non functionalbusiness requirements functional and non functional
business requirements functional and non functionalCHANDRA KAMAL
 
ITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementAutotask
 
Running an Efficient Service Desk
Running an Efficient Service DeskRunning an Efficient Service Desk
Running an Efficient Service DeskAutotask
 

Recomendados

IT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendIT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendVoyage Services Inc.
 
Provide first level remote help desk support
Provide first level remote help desk supportProvide first level remote help desk support
Provide first level remote help desk supportGera Paulos
 
Technical Support Helpdesk
Technical Support HelpdeskTechnical Support Helpdesk
Technical Support HelpdeskGagan Singh
 
Helpdesk Services
Helpdesk ServicesHelpdesk Services
Helpdesk ServicesGss America
 
Agile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesAgile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesOnur Demir
 
business requirements functional and non functional
business requirements functional and non functionalbusiness requirements functional and non functional
business requirements functional and non functionalCHANDRA KAMAL
 
ITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementAutotask
 
Running an Efficient Service Desk
Running an Efficient Service DeskRunning an Efficient Service Desk
Running an Efficient Service DeskAutotask
 
Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationMohamed Shaaban
 
Managing a Major Incident
Managing a Major IncidentManaging a Major Incident
Managing a Major IncidentNUS-ISS
 
Technical Support Manual Training
Technical Support Manual TrainingTechnical Support Manual Training
Technical Support Manual TrainingSuperb Internet Training Division
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automationDan Wilson
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit MitraSanjit Mitra
 
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessRequirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessElastic Path
 
End User Support Presentation
End User Support Presentation End User Support Presentation
End User Support Presentation Self employed
 
Writing effective requirements
Writing effective requirementsWriting effective requirements
Writing effective requirementsLiz Lavaveshkul
 
Help Desk Presentation 09202009
Help Desk Presentation 09202009Help Desk Presentation 09202009
Help Desk Presentation 09202009guest75acf2
 
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAJOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAHoward Thebeyapelo
 
Naveen Kumar Srivastav
Naveen Kumar SrivastavNaveen Kumar Srivastav
Naveen Kumar SrivastavNaveen Srivastav
 
Uncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesUncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesNet at Work
 
Asset Management Leading Practices
Asset Management Leading PracticesAsset Management Leading Practices
Asset Management Leading Practicesjohnnyg14
 
IFS Service Desk
IFS Service DeskIFS Service Desk
IFS Service DeskEnvecon
 
06 business and functional requirements
06 business and functional requirements06 business and functional requirements
06 business and functional requirementsNamita Razdan
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities PresentationMichael Robinson
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use CaseDenis Gagné
 
Erp process flow
Erp process flowErp process flow
Erp process flowKannathasan Meipporul
 
Requirements Management
Requirements ManagementRequirements Management
Requirements ManagementShwetha-BA
 
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factorsippnw
 
CRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshopCRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshopTrilateral Research
 
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent VisionMatrix Comsec
 

Mais conteúdo relacionado

Mais procurados

Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationMohamed Shaaban
 
Managing a Major Incident
Managing a Major IncidentManaging a Major Incident
Managing a Major IncidentNUS-ISS
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automationDan Wilson
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit MitraSanjit Mitra
 
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessRequirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessElastic Path
 
End User Support Presentation
End User Support Presentation End User Support Presentation
End User Support Presentation Self employed
 
Writing effective requirements
Writing effective requirementsWriting effective requirements
Writing effective requirementsLiz Lavaveshkul
 
Help Desk Presentation 09202009
Help Desk Presentation 09202009Help Desk Presentation 09202009
Help Desk Presentation 09202009guest75acf2
 
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAJOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAHoward Thebeyapelo
 
Uncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesUncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesNet at Work
 
Asset Management Leading Practices
Asset Management Leading PracticesAsset Management Leading Practices
Asset Management Leading Practicesjohnnyg14
 
IFS Service Desk
IFS Service DeskIFS Service Desk
IFS Service DeskEnvecon
 
06 business and functional requirements
06 business and functional requirements06 business and functional requirements
06 business and functional requirementsNamita Razdan
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities PresentationMichael Robinson
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use CaseDenis Gagné
 
Requirements Management
Requirements ManagementRequirements Management
Requirements ManagementShwetha-BA
 

Mais procurados (19)

Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and Elicitation
 
Managing a Major Incident
Managing a Major IncidentManaging a Major Incident
Managing a Major Incident
 
Technical Support Manual Training
Technical Support Manual TrainingTechnical Support Manual Training
Technical Support Manual Training
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automation
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit Mitra
 
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessRequirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project Success
 
End User Support Presentation
End User Support Presentation End User Support Presentation
End User Support Presentation
 
Writing effective requirements
Writing effective requirementsWriting effective requirements
Writing effective requirements
 
Help Desk Presentation 09202009
Help Desk Presentation 09202009Help Desk Presentation 09202009
Help Desk Presentation 09202009
 
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAJOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
 
Naveen Kumar Srivastav
Naveen Kumar SrivastavNaveen Kumar Srivastav
Naveen Kumar Srivastav
 
Uncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesUncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT Services
 
Asset Management Leading Practices
Asset Management Leading PracticesAsset Management Leading Practices
Asset Management Leading Practices
 
IFS Service Desk
IFS Service DeskIFS Service Desk
IFS Service Desk
 
06 business and functional requirements
06 business and functional requirements06 business and functional requirements
06 business and functional requirements
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities Presentation
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use Case
 
Erp process flow
Erp process flowErp process flow
Erp process flow
 
Requirements Management
Requirements ManagementRequirements Management
Requirements Management
 

Destaque

Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factorsippnw
 
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent VisionMatrix Comsec
 
CCTV Systems from CCTVfirst
CCTV Systems from CCTVfirstCCTV Systems from CCTVfirst
CCTV Systems from CCTVfirstAneetahari
 
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4David Dunlap
 
Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11Nancy Coq
 
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...Fatemeh Ahmadi
 
Security CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering PackSecurity CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering PackAmy Slater
 
Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)Lj Wicks
 

Destaque (11)

Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
 
CRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshopCRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshop
 
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
 
CCTV Systems from CCTVfirst
CCTV Systems from CCTVfirstCCTV Systems from CCTVfirst
CCTV Systems from CCTVfirst
 
Satori WP1 slides
Satori WP1 slidesSatori WP1 slides
Satori WP1 slides
 
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
 
Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11
 
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
 
Security CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering PackSecurity CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering Pack
 
Safe City 1.0
Safe City 1.0Safe City 1.0
Safe City 1.0
 
Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)
 

Semelhante a Security Access Control Requirements Gathering Pack

crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptxdotco
 
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...Accellis Technology Group
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptxdotco
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptPawachMetharattanara
 
ITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdfITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdfManishKumar526001
 
CISA_WK_2.pptx
CISA_WK_2.pptxCISA_WK_2.pptx
CISA_WK_2.pptxdotco
 
Types_of_Access_Controlsggggggggggggggggg
Types_of_Access_ControlsgggggggggggggggggTypes_of_Access_Controlsggggggggggggggggg
Types_of_Access_ControlsgggggggggggggggggSaurabh846965
 
NPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the BoxNPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the BoxMarla Williams
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptxdotco
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practiceZoneFox
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriAtif Ghauri
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Chinatu Uzuegbu
 
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...PECB
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 

Semelhante a Security Access Control Requirements Gathering Pack (20)

crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptx
 
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Marketing wi comply
Marketing wi complyMarketing wi comply
Marketing wi comply
 
Soc
SocSoc
Soc
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.ppt
 
ITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdfITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdf
 
CISA_WK_2.pptx
CISA_WK_2.pptxCISA_WK_2.pptx
CISA_WK_2.pptx
 
kinerja smk3
kinerja smk3kinerja smk3
kinerja smk3
 
Types_of_Access_Controlsggggggggggggggggg
Types_of_Access_ControlsgggggggggggggggggTypes_of_Access_Controlsggggggggggggggggg
Types_of_Access_Controlsggggggggggggggggg
 
NPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the BoxNPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the Box
 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptx
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2
 
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 

Último (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Security Access Control Requirements Gathering Pack

  • 1. Access Control Requirements Gathering Session 1
  • 2. • The business requirements will form the basis of future projects and will determine the eventual scope. • If a ‘need’ is not raised as a requirement, the project will not know that the system must perform an action- therefore it will not be included within the scope of the project or included within the end solution. • The requirements will be base-lined at the end of the Initiate Phase. Any requirements submitted after this date will not be accepted without a change request and associated funding (where applicable). • The identified business stakeholders are responsible for ensuring that all requirements are raised during the Initiate Requirements gathering process. The Importance of Requirement Gathering
  • 3. • Review each area of Access Control functionality. • Prepare a set of draft Access Control BUSINESS requirements for each of the functional areas. • Agree a priority for each draft requirement. • Agree next steps, actions and areas for further investigation. Workshop 1 Objectives
  • 5. • What threats are present? • What are the drivers for an access control system? i.e. controlling visitor numbers, protecting people, protecting assets, anti-tailgating, anti-pass back, etc? • Who and what are we trying to protect? Defining the Nature of the Threat- Discussion
  • 7. • What general areas need to be controlled?- areas, rooms, locations etc? • What exceptions exist?- i.e. Fire Exits etc? • What areas require enhanced access control?- i.e. Equipment Rooms, Data Centres etc • Why do these areas need to be controlled? What is the related threat? • What is the level of risk associated with these areas? • What is the function of installing control in these areas? Areas of Concern (General)- Discussion
  • 8. • What vulnerable points exist for each area to be controlled?- doors, windows, air conditioning shafts, conduits etc • What points should have access control? • Should access be controlled on a location by location basis or should access be controlled to area ‘types’? Areas of Concern (Specific)- Discussion
  • 10. • Are there any legal requirements? Health & Safety or Disability & Discrimination Act? • How should access control act in case of an emergency?- i.e. release on emergency? • What is the definition of an emergency? • What fire officer requirements exist? • What provisions should be granted to the blue light services? • What are the requirements for disabled access? • When will the access system be operation? 247/ 365 or night time only? Health & Safety- Discussion
  • 11. Type of Access Control
  • 12. • Should the system be automatic or manned? • What types of barriers should be used for each of the areas in scope?- door locks, arm barriers, vehicle block devices etc? • What types of additional barriers should be used for the priority locations?- electronic keys, finger print scanning? • What type of verification measures should be used? Electronic key card, IRIS scan, Finger print recognition, ID codes, keys etc. • What should the user do when access is denied? Should an intercom system be present? Types of Access Control- Discussion
  • 13. • How often will the access control be used in each of the areas? • What level of security should be in place? • If the power drops what should happen? • Anti-Tamper mechanisms? Technical Details Discussion
  • 15. • How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors etc? • What information will be captured against each person granted access? Name, address, role, date given, expiry date etc? • What period should access be granted for? • What types of protected access should be provided? • How will deliveries be controlled? • Where will data entry and monitoring of alarm activity take place? • How will data for entry or modification be gathered? • How will security clearance be processed? Operational Issues- Discussion
  • 17. • Should there be integration between the Access Control System and other systems? i.e. CCTV system? • What information should pass between the systems? Integration Discussion
  • 19. • What information should the system capture? • Successful access- user ID, time, location etc.? • Unsuccessful access- user ID, time, location, number of attempts etc.? • Should information be captured and available to view in real time? i.e. should it be possible to identify where an individual is located at all time? • What reports should be available from the system? • Should the system automatically alert based on event triggers? If so, what events should trigger alerts and how should the system alert? • What should the system do in the event of a breach? – i.e. a door is forced? Management Information & Reporting Discussion
  • 20. • What should the system do in the event that an access control point fails in the following scenarios: • Access point looses power • Access point fails- i.e. reader not able to read card • Access point operational but input not detected- i.e. an issue with the card. • Access point breached? Support & Maintenance Discussion