Good Example Of Folder/ File Permissions Oversight And Overview Essay

The objectives of information security are: confidentiality, which is concerned with preventing unauthorised access to information; integrity, which is concerned with preventing unauthorised modifications to information; availability, which is concerned with users being able to access information that they are authorised to access whenever they want to access it (Guttmann & Roback, 1995).
In the situation where anyone can access information in the form of files/ folders, then it is quite obvious that the three objectives of information security will never be realised. The enforcement of file and folder permissions is therefore necessary as a step in realising the above mentioned objectives of information security. This will ensure that only authorised users in a given organisation can access documents for which they have the authority to access, and therefore this is the best practice that should be adopted by any organization.

Below are some of the concepts/types of file/folder permissions:

Access Control List (ACL) – a list containing entries for user groups and user accounts and their permissions.
Access Control Entry (ACE) – an entry to the ACL allowing or denying specific permissions to an object by a user or group.

Full Control – users can do everything with files/ folders and their properties

Modify - Users can view and modify files and file properties, including deleting and adding files to a folder or file properties to a file

List folder contents- allows users or groups to view the contents of a folder

Write - Users can write to a file.
In order to convince the business unit leaders to implement a plan for resource segregation, it will be important to inform them of the risks that exist if the status quo was to be maintained; a situation where every file or folder is accessible to anyone who wishes to access them.
Cases of data theft could always occur. This may seem trivial where non-sensitive information is concerned. What if an employee gains access to some document and obtains interview questions for the recruitment to a certain position in the organisation, and shares it with a candidate? Will that not jeopardize the recruitment exercise? What if an employee, on an espionage mission, gained access to a document detailing the marketing plan for the company? Scenarios like this, or even worse, could occur and the only way to avert them would be to enforce resource and data segregation.
A justification for using New Technology File System (NTFS) permissions is its ability to affect both local users and network users. Additionally, it is an out of the box feature meaning that one does not have to install additional software to start using it.
As a plan to utilise Active Directory and Group Policy Objects to achieve the goal of setting secure permissions on business resources, the following will have to be done:

Design organizational unit (OU) structure for Group Policy manageability

Do an infrastructural change on the current network to include a server(s) with Active Directory Domain Services role.
Join all the computers to be managed by Group Policy to the domain

References

Guttman, B. & Roback, E. (1995). An Introduction to Computer Security: The NIST Handbook. NIST Publications
Microsoft. (2014). File and Folder Permissions. Retrieved 26 January, 2015 from <https://msdn.microsoft.com/en-us/library/bb727008.aspx>
NTFS. (2014). File and Folder Advanced Permissions. Retrieved 26 January, 2015 from <http://www.ntfs.com/ntfs-permissions-file-advanced.htm>