UCS422 ASSIGNMENT

1.3 Vision

Focuses on becoming a top technological service provider renowned for quality, client focus,
and strong security measures. Creating trust amongst suppliers/vendors to be a trusted and
preferred choice for organizations searching for safe and trustworthy technological solutions.

1.4 Mission

Prioritising and providing innovative and dependable technological services, as well as

guaranteeing client happiness and upholding integrity and security, are all priorities.2.1
Access Control
2.1 Access Control

2.1.1 Introduction

Based on the subtopic given, according to the data in "Importance of Access Control in IT
Security." InfoSec Resources, 18 Dec. 2019: In order to strengthen the company's overall
security, a number of security issues need to be resolved. Access control methods are one
way to lessen these risks. The following access control methods have been suggested to
improve the security of the business. There are many different approaches and technologies
that can be used for access control, such as logical and physical access control systems.
Physical access control uses locks, keycards, biometric systems, and security cameras to
regulate physical entry into buildings, rooms, or other locations. A logical access control
system uses encryption, multi-factor authentication, role-based access control, passwords,
and access privileges to regulate it.

2.1.2 Objective

The aim of the company's purpose to enhance security is to safeguard company assets.
Access control is crucial to preventing theft, damage, and unauthorised access to the
company's digital and physical assets, which include sensitive data, equipment, and data.
Next, maintaining secrecy is the aim of access control. to protect the privacy of classified
information and stop sensitive material from being improperly disclosed or leaked to outside
parties or other employees of the company. In addition, it seeks to safeguard data accuracy
by improving data integrity and preventing unauthorised alteration, manipulation, or
corruption. accuracy as well as dependability.

The next step in mitigating security risks is to detect and manage security
vulnerabilities and hazards, including as theft, unauthorised access, data breaches, and
physical threats, in order to reduce any potential impact on the business's operations,
reputation, and finances. Enhancing operational efficiency comes last. Use access control
techniques to increase output, expedite processes, and lessen disruptions from security
events or unauthorised access to crucial systems. The business will be able to significantly
strengthen its overall security posture, safeguard its assets, maintain customer confidence,
and reduce any risks to its operations and reputation by achieving these goals.
2.1.3 What the Propose of Access Control to Improve the Company Security?

According to the data in "Access Control." CIS Controls, Centre for Internet Security,
Version 8.0, (2020), a number of security issues need to be resolved in order to enhance the
overall security of the business. Access control measures can help to lessen these risks.
The following access control techniques have been proposed to strengthen the security of
the business. Physical Access Control comes first. They ought to Install access control
systems at the entrances to the warehouse and administrative offices. Biometric or keycard
systems can be employed to stop unauthorised access. To monitor activity and deter theft or
unauthorised entry, they should also install video surveillance systems in high-traffic areas
like server rooms, storage areas, and entrances. Entry to key areas of the administrative
office, including the data centre,

Logical Access Control is another big major factor for access control. Hence, it is
necessary to encourage a company to implement better user authentication protocols for
computerised information systems, such as multifactor authentication using biometrics and
sample passwords, in order to improve access security through logical access management.
Enforce strict password laws, such as regular password changes and complexity
requirements, to reduce the danger of unauthorised access. To ensure that employees only
have access to the systems and information needed to carry out their job responsibilities,
implement role-based access control. Employees who regularly change positions or leave
the company should have their access credentials evaluated and revoked to avoid
unauthorised access to systems and data.

Furthermore, data security is being considered as one of the biggest aspects of

access control. To precise about data security, which encrypts private information while it's
on servers and in transit to guard against unauthorised access or interception. Use data loss
prevention strategies both outside and internally to spot and stop theft or unauthorised data
leaks. Establish regular data backup procedures to ensure that information may be
recovered in the event of a system malfunction or security breach. Apart from it, instruction
and training in security. Through security awareness seminars, staff members should be
taught about security best practices like password hygiene, phishing awareness, and the
need of data protection. Establish a transparent and binding information security policy that
specifies expected employee conduct and the consequences of violating the policy.
 Workers should receive training on handling sensitive material and the value of
maintaining secrecy. Finally, even though access control methods can strengthen security,
they should only be applied in concert with an all-encompassing security strategy that
incorporates regular risk assessments, ongoing observation, and employee training. It is
also suggested that the most important areas be chosen in light of the budget limitations,
taking into account the specific risks and weaknesses of the organisation.

2.1.4 Conclusion

In conclusion, enhancing the security of an organisation such as SkyTech Sdn Bhd

requires the implementation of suitable access control methods. By fixing the security issues
and flaws the scenario reveals, the business may protect its resources, uphold
confidentiality, preserve data integrity, and lower security threats. Access control methods
that incorporate both logical and physical security restrictions include role-based access
control, encrypted communication, restricted entry systems, user authentication methods,
and monitoring tools. By putting access control methods in place, SkyTech can build a
secure environment that protects its operations, lowers the risk of theft and unauthorised
access, and maintains vital information.

A comprehensive security framework also includes regulatory compliance, creating a

security-conscious culture, and improving security protocols with suppliers and partners. By
prioritising security advancements and investing in access control, SkyTech can minimise
the impact of security breaches, maintain customer trust, and maximise operating efficiency.
Regular analysis and adjustment of access control techniques is essential to stay up to date
with evolving security threats and technology advancements. All things considered, access
control is essential to enhancing the business's security posture and preserving SkyTech
Sdn Bhd's resilience and long-term success.
2.2 Physical Security

2.2.1 Introduction

According to Michael Cobb's January 2023 journal, physical security refers to the
precautions taken to safeguard an organization's tangible assets, such as its personnel,
equipment, and data. Access controls, surveillance systems, and security guards are
examples of physical security measures. Preventing theft, unwanted access, and physical
asset damage is the aim of physical security.

2.2.2 Importance Of Cyber- Physical Security

The convergence of physical identity and cyber identity, according to Aayushi Sanghavi,
November 17, 2022, refers to the merging of digital and physical identity management
systems, enabling organisations to handle both aspects of identification in a more
comprehensive and safe manner. The combination of physical and digital assets can yield
substantial advantages for workplace security by facilitating improved control over access,
mitigating the danger of identity theft, and enhancing overall security posture. The following
are some ways that workplace security is enhanced by the convergence of physical
identification and cyber identity. (NST Business, 2023).

Identity verification process is by combining physical and digital identity management

systems, businesses can use PINs, smart cards, and biometrics to confirm an individual's
identification. Therefore, in this instance, Skytech Sdn Bhd must validate each employee's
identity card; if this isn't the case, they won't be allowed entry to their office or building.
Another thing is access control that can help organisations may more effectively regulate
who has access to digital and physical assets by integrating physical and digital access
control solutions. Additionally, Skytech must designate one or two individuals with system
access or control. This will stop unforeseen events from occurring in the future.

Next, for threat detection is help enhancing threat detection skills can be achieved by
integrating digital and physical identity management systems. CCTV-based image
recognition can notify everyone when persons or cars are approaching. More advanced
systems allow for facial or even walk recognition throughout entire buildings, alerting the
business if an employee is somewhere they shouldn't be or if an unfamiliar individual is
there. Unusual behaviour can be detected via access controls integrated with behavioural
analytics. Drone makers are increasingly attempting to incorporate automated, unmanned
capabilities, and Skytech Sdn Bhd is starting to deploy drones for facility surveillance.

Reference

NST Business. (2023). Sapura Secured Technologies, System Consultancy Services In Mou
To Strengthen The Malaysian Armed Forces' Command-And-Control Capabilities.
Retrieved from https://www.nst.com.my/business/2023/05/914306/sapura-secured-
technologies-system-consultancy-services-mou-strengthen

Sapura Secured Tech Technologies. Retrieved from https://www.sapuratech.com.my/