SlideShare ist ein Scribd-Unternehmen logo

Security Access Control Requirements Gathering Pack

Als PPTX, PDF herunterladen
A
Amy Slater

This is a pack that I create to gather business requirements for a new Security Access Control system. It inlcudes basic questions that you should ask when completing an initial scoping exercise.

Technologie
1 von 21
Access Control Requirements Gathering Session 1
• The business requirements will form the basis of future projects and will determine the eventual scope. • If a ‘need’ is not raised as a requirement, the project will not know that the system must perform an action- therefore it will not be included within the scope of the project or included within the end solution. • The requirements will be base-lined at the end of the Initiate Phase. Any requirements submitted after this date will not be accepted without a change request and associated funding (where applicable). • The identified business stakeholders are responsible for ensuring that all requirements are raised during the Initiate Requirements gathering process. The Importance of Requirement Gathering
• Review each area of Access Control functionality. • Prepare a set of draft Access Control BUSINESS requirements for each of the functional areas. • Agree a priority for each draft requirement. • Agree next steps, actions and areas for further investigation. Workshop 1 Objectives
Defining the Threat- Review
• What threats are present? • What are the drivers for an access control system? i.e. controlling visitor numbers, protecting people, protecting assets, anti-tailgating, anti-pass back, etc? • Who and what are we trying to protect? Defining the Nature of the Threat- Discussion
Areas of Concern
• What general areas need to be controlled?- areas, rooms, locations etc? • What exceptions exist?- i.e. Fire Exits etc? • What areas require enhanced access control?- i.e. Equipment Rooms, Data Centres etc • Why do these areas need to be controlled? What is the related threat? • What is the level of risk associated with these areas? • What is the function of installing control in these areas? Areas of Concern (General)- Discussion
• What vulnerable points exist for each area to be controlled?- doors, windows, air conditioning shafts, conduits etc • What points should have access control? • Should access be controlled on a location by location basis or should access be controlled to area ‘types’? Areas of Concern (Specific)- Discussion
Health & Safety
• Are there any legal requirements? Health & Safety or Disability & Discrimination Act? • How should access control act in case of an emergency?- i.e. release on emergency? • What is the definition of an emergency? • What fire officer requirements exist? • What provisions should be granted to the blue light services? • What are the requirements for disabled access? • When will the access system be operation? 247/ 365 or night time only? Health & Safety- Discussion
Type of Access Control
• Should the system be automatic or manned? • What types of barriers should be used for each of the areas in scope?- door locks, arm barriers, vehicle block devices etc? • What types of additional barriers should be used for the priority locations?- electronic keys, finger print scanning? • What type of verification measures should be used? Electronic key card, IRIS scan, Finger print recognition, ID codes, keys etc. • What should the user do when access is denied? Should an intercom system be present? Types of Access Control- Discussion
• How often will the access control be used in each of the areas? • What level of security should be in place? • If the power drops what should happen? • Anti-Tamper mechanisms? Technical Details Discussion
Operational Considerations
• How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors etc? • What information will be captured against each person granted access? Name, address, role, date given, expiry date etc? • What period should access be granted for? • What types of protected access should be provided? • How will deliveries be controlled? • Where will data entry and monitoring of alarm activity take place? • How will data for entry or modification be gathered? • How will security clearance be processed? Operational Issues- Discussion
Integration to Other Systems
• Should there be integration between the Access Control System and other systems? i.e. CCTV system? • What information should pass between the systems? Integration Discussion
Management Information, Reporting & Maintenance
• What information should the system capture? • Successful access- user ID, time, location etc.? • Unsuccessful access- user ID, time, location, number of attempts etc.? • Should information be captured and available to view in real time? i.e. should it be possible to identify where an individual is located at all time? • What reports should be available from the system? • Should the system automatically alert based on event triggers? If so, what events should trigger alerts and how should the system alert? • What should the system do in the event of a breach? – i.e. a door is forced? Management Information & Reporting Discussion
• What should the system do in the event that an access control point fails in the following scenarios: • Access point looses power • Access point fails- i.e. reader not able to read card • Access point operational but input not detected- i.e. an issue with the card. • Access point breached? Support & Maintenance Discussion
Any Questions?

Empfohlen

IT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendIT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, Trend
Voyage Services Inc.
 
Provide first level remote help desk support
Provide first level remote help desk supportProvide first level remote help desk support
Provide first level remote help desk support
Gera Paulos
 
Technical Support Helpdesk
Technical Support HelpdeskTechnical Support Helpdesk
Technical Support Helpdesk
Gagan Singh
 
Helpdesk Services
Helpdesk ServicesHelpdesk Services
Helpdesk Services
Gss America
 
Agile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesAgile Requirements Gathering Techniques
Agile Requirements Gathering Techniques
Onur Demir
 
business requirements functional and non functional
business requirements functional and non functionalbusiness requirements functional and non functional
business requirements functional and non functional
CHANDRA KAMAL
 
ITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem Management
Autotask
 
Running an Efficient Service Desk
Running an Efficient Service DeskRunning an Efficient Service Desk
Running an Efficient Service Desk
Autotask
 

Empfohlen

IT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, TrendIT / Help Desk Support Service : Introduction, Advantage, Trend
IT / Help Desk Support Service : Introduction, Advantage, Trend
Voyage Services Inc.
 
Provide first level remote help desk support
Provide first level remote help desk supportProvide first level remote help desk support
Provide first level remote help desk support
Gera Paulos
 
Technical Support Helpdesk
Technical Support HelpdeskTechnical Support Helpdesk
Technical Support Helpdesk
Gagan Singh
 
Helpdesk Services
Helpdesk ServicesHelpdesk Services
Helpdesk Services
Gss America
 
Agile Requirements Gathering Techniques
Agile Requirements Gathering TechniquesAgile Requirements Gathering Techniques
Agile Requirements Gathering Techniques
Onur Demir
 
business requirements functional and non functional
business requirements functional and non functionalbusiness requirements functional and non functional
business requirements functional and non functional
CHANDRA KAMAL
 
ITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem ManagementITIL and Autotask: Incident & Problem Management
ITIL and Autotask: Incident & Problem Management
Autotask
 
Running an Efficient Service Desk
Running an Efficient Service DeskRunning an Efficient Service Desk
Running an Efficient Service Desk
Autotask
 
Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and Elicitation
Mohamed Shaaban
 
Managing a Major Incident
Managing a Major IncidentManaging a Major Incident
Managing a Major Incident
NUS-ISS
 
Technical Support Manual Training
Technical Support Manual TrainingTechnical Support Manual Training
Technical Support Manual Training
Superb Internet Training Division
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automation
Dan Wilson
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit Mitra
Sanjit Mitra
 
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessRequirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Elastic Path
 
End User Support Presentation
End User Support Presentation End User Support Presentation
End User Support Presentation
Self employed
 
Writing effective requirements
Writing effective requirementsWriting effective requirements
Writing effective requirements
Liz Lavaveshkul
 
Help Desk Presentation 09202009
Help Desk Presentation 09202009Help Desk Presentation 09202009
Help Desk Presentation 09202009
guest75acf2
 
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAJOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
Howard Thebeyapelo
 
Naveen Kumar Srivastav
Naveen Kumar SrivastavNaveen Kumar Srivastav
Naveen Kumar Srivastav
Naveen Srivastav
 
Uncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesUncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT Services
Net at Work
 
Asset Management Leading Practices
Asset Management Leading PracticesAsset Management Leading Practices
Asset Management Leading Practices
johnnyg14
 
IFS Service Desk
IFS Service DeskIFS Service Desk
IFS Service Desk
Envecon
 
06 business and functional requirements
06 business and functional requirements06 business and functional requirements
06 business and functional requirements
Namita Razdan
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities Presentation
Michael Robinson
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use Case
Denis Gagné
 
Erp process flow
Erp process flowErp process flow
Erp process flow
Kannathasan Meipporul
 
Requirements Management
Requirements ManagementRequirements Management
Requirements Management
Shwetha-BA
 
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
ippnw
 
CRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshopCRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshop
Trilateral Research
 
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Comsec
 

Weitere ähnliche Inhalte

Was ist angesagt?

Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and Elicitation
Mohamed Shaaban
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automation
Dan Wilson
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit Mitra
Sanjit Mitra
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities Presentation
Michael Robinson
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use Case
Denis Gagné
 
Requirements Management
Requirements ManagementRequirements Management
Requirements Management
Shwetha-BA
 

Was ist angesagt? (19)

Requirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and ElicitationRequirements Management Part 1 - Management and Elicitation
Requirements Management Part 1 - Management and Elicitation
 
Managing a Major Incident
Managing a Major IncidentManaging a Major Incident
Managing a Major Incident
 
Technical Support Manual Training
Technical Support Manual TrainingTechnical Support Manual Training
Technical Support Manual Training
 
Strategies for adopting self service and automation
Strategies for adopting self service and automationStrategies for adopting self service and automation
Strategies for adopting self service and automation
 
Resume - Sanjit Mitra
Resume - Sanjit MitraResume - Sanjit Mitra
Resume - Sanjit Mitra
 
Requirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project SuccessRequirements Diligence: The Cornerstone to Ecommerce Project Success
Requirements Diligence: The Cornerstone to Ecommerce Project Success
 
End User Support Presentation
End User Support Presentation End User Support Presentation
End User Support Presentation
 
Writing effective requirements
Writing effective requirementsWriting effective requirements
Writing effective requirements
 
Help Desk Presentation 09202009
Help Desk Presentation 09202009Help Desk Presentation 09202009
Help Desk Presentation 09202009
 
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIAJOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
JOB POST: SAP WORKFLOW & PA/ OM FUNCTIONAL CONSULTANT - PRETORIA
 
Naveen Kumar Srivastav
Naveen Kumar SrivastavNaveen Kumar Srivastav
Naveen Kumar Srivastav
 
Uncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT ServicesUncovering the Business Value of Managed IT Services
Uncovering the Business Value of Managed IT Services
 
Asset Management Leading Practices
Asset Management Leading PracticesAsset Management Leading Practices
Asset Management Leading Practices
 
IFS Service Desk
IFS Service DeskIFS Service Desk
IFS Service Desk
 
06 business and functional requirements
06 business and functional requirements06 business and functional requirements
06 business and functional requirements
 
ASUG Utilities Presentation
ASUG Utilities PresentationASUG Utilities Presentation
ASUG Utilities Presentation
 
BPSim The Technical Support Use Case
BPSim The Technical Support Use CaseBPSim The Technical Support Use Case
BPSim The Technical Support Use Case
 
Erp process flow
Erp process flowErp process flow
Erp process flow
 
Requirements Management
Requirements ManagementRequirements Management
Requirements Management
 

Andere mochten auch

Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
ippnw
 
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
David Dunlap
 
Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11
Nancy Coq
 
Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)
Lj Wicks
 

Andere mochten auch (11)

Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience FactorsSurveillance Systems: Their Role in Identifying Risk and Resilience Factors
Surveillance Systems: Their Role in Identifying Risk and Resilience Factors
 
CRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshopCRISP WP3 stakeholder workshop
CRISP WP3 stakeholder workshop
 
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
Matrix Video Surveillance Solution: SATATYA - The Persistent Vision
 
CCTV Systems from CCTVfirst
CCTV Systems from CCTVfirstCCTV Systems from CCTVfirst
CCTV Systems from CCTVfirst
 
Satori WP1 slides
Satori WP1 slidesSatori WP1 slides
Satori WP1 slides
 
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
Stingray Partners-Draft Infrastructure One Presentation-April 2015 - A4
 
Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11Itech cdc malaria surveillance project sow 10.10.11
Itech cdc malaria surveillance project sow 10.10.11
 
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
Surveillance and E-Government: Real and Potential Threats to Privacy in Europ...
 
Security CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering PackSecurity CCTV System Requirements Gathering Pack
Security CCTV System Requirements Gathering Pack
 
Safe City 1.0
Safe City 1.0Safe City 1.0
Safe City 1.0
 
Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)Unlisted real estate funds lecture (1) (1)
Unlisted real estate funds lecture (1) (1)
 

Ähnlich wie Security Access Control Requirements Gathering Pack

Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
Wajahat Rajab
 
Marketing wi comply
Marketing wi complyMarketing wi comply
Marketing wi comply
Craig Horsell
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.ppt
PawachMetharattanara
 
NPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the BoxNPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the Box
Marla Williams
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
Atif Ghauri
 

Ähnlich wie Security Access Control Requirements Gathering Pack (20)

crisc_wk_4.pptx
crisc_wk_4.pptxcrisc_wk_4.pptx
crisc_wk_4.pptx
 
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
 
CISM_WK_3.pptx
CISM_WK_3.pptxCISM_WK_3.pptx
CISM_WK_3.pptx
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Marketing wi comply
Marketing wi complyMarketing wi comply
Marketing wi comply
 
Soc
SocSoc
Soc
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.ppt
 
ITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdfITIL-v3-Incident-Management-Process-PPT-RED.pdf
ITIL-v3-Incident-Management-Process-PPT-RED.pdf
 
CISA_WK_2.pptx
CISA_WK_2.pptxCISA_WK_2.pptx
CISA_WK_2.pptx
 
kinerja smk3
kinerja smk3kinerja smk3
kinerja smk3
 
Types_of_Access_Controlsggggggggggggggggg
Types_of_Access_ControlsgggggggggggggggggTypes_of_Access_Controlsggggggggggggggggg
Types_of_Access_Controlsggggggggggggggggg
 
NPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the BoxNPMA Physical Inventory - Beyond Scanning and Checking the Box
NPMA Physical Inventory - Beyond Scanning and Checking the Box
 
ITIL # Lecture 8
ITIL # Lecture 8ITIL # Lecture 8
ITIL # Lecture 8
 
CISA_WK_4.pptx
CISA_WK_4.pptxCISA_WK_4.pptx
CISA_WK_4.pptx
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2
 
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
PECB Webinar: Performing an EMS Audit (gathering objective evidence) – closer...
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
 

Kürzlich hochgeladen

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Security Access Control Requirements Gathering Pack

  • 1. Access Control Requirements Gathering Session 1
  • 2. • The business requirements will form the basis of future projects and will determine the eventual scope. • If a ‘need’ is not raised as a requirement, the project will not know that the system must perform an action- therefore it will not be included within the scope of the project or included within the end solution. • The requirements will be base-lined at the end of the Initiate Phase. Any requirements submitted after this date will not be accepted without a change request and associated funding (where applicable). • The identified business stakeholders are responsible for ensuring that all requirements are raised during the Initiate Requirements gathering process. The Importance of Requirement Gathering
  • 3. • Review each area of Access Control functionality. • Prepare a set of draft Access Control BUSINESS requirements for each of the functional areas. • Agree a priority for each draft requirement. • Agree next steps, actions and areas for further investigation. Workshop 1 Objectives
  • 5. • What threats are present? • What are the drivers for an access control system? i.e. controlling visitor numbers, protecting people, protecting assets, anti-tailgating, anti-pass back, etc? • Who and what are we trying to protect? Defining the Nature of the Threat- Discussion
  • 7. • What general areas need to be controlled?- areas, rooms, locations etc? • What exceptions exist?- i.e. Fire Exits etc? • What areas require enhanced access control?- i.e. Equipment Rooms, Data Centres etc • Why do these areas need to be controlled? What is the related threat? • What is the level of risk associated with these areas? • What is the function of installing control in these areas? Areas of Concern (General)- Discussion
  • 8. • What vulnerable points exist for each area to be controlled?- doors, windows, air conditioning shafts, conduits etc • What points should have access control? • Should access be controlled on a location by location basis or should access be controlled to area ‘types’? Areas of Concern (Specific)- Discussion
  • 10. • Are there any legal requirements? Health & Safety or Disability & Discrimination Act? • How should access control act in case of an emergency?- i.e. release on emergency? • What is the definition of an emergency? • What fire officer requirements exist? • What provisions should be granted to the blue light services? • What are the requirements for disabled access? • When will the access system be operation? 247/ 365 or night time only? Health & Safety- Discussion
  • 11. Type of Access Control
  • 12. • Should the system be automatic or manned? • What types of barriers should be used for each of the areas in scope?- door locks, arm barriers, vehicle block devices etc? • What types of additional barriers should be used for the priority locations?- electronic keys, finger print scanning? • What type of verification measures should be used? Electronic key card, IRIS scan, Finger print recognition, ID codes, keys etc. • What should the user do when access is denied? Should an intercom system be present? Types of Access Control- Discussion
  • 13. • How often will the access control be used in each of the areas? • What level of security should be in place? • If the power drops what should happen? • Anti-Tamper mechanisms? Technical Details Discussion
  • 15. • How will access control be managed?- customer, Staff, Disabled Visitors/ Staff, Contractors etc? • What information will be captured against each person granted access? Name, address, role, date given, expiry date etc? • What period should access be granted for? • What types of protected access should be provided? • How will deliveries be controlled? • Where will data entry and monitoring of alarm activity take place? • How will data for entry or modification be gathered? • How will security clearance be processed? Operational Issues- Discussion
  • 17. • Should there be integration between the Access Control System and other systems? i.e. CCTV system? • What information should pass between the systems? Integration Discussion
  • 19. • What information should the system capture? • Successful access- user ID, time, location etc.? • Unsuccessful access- user ID, time, location, number of attempts etc.? • Should information be captured and available to view in real time? i.e. should it be possible to identify where an individual is located at all time? • What reports should be available from the system? • Should the system automatically alert based on event triggers? If so, what events should trigger alerts and how should the system alert? • What should the system do in the event of a breach? – i.e. a door is forced? Management Information & Reporting Discussion
  • 20. • What should the system do in the event that an access control point fails in the following scenarios: • Access point looses power • Access point fails- i.e. reader not able to read card • Access point operational but input not detected- i.e. an issue with the card. • Access point breached? Support & Maintenance Discussion