Assessing Access Controls – Worksheet

Overview

In this activity, I will assess the access controls used by a business. I’ll analyze their current process, identify issues, and make recommendations to improve their security practices.

Previously, I learned that access controls are security controls that manage access, authorization, and accountability of information. Authentication controls verify who someone is, whereas authorization controls grant a user permissions and set limits on what they’re allowed to do. When done well, access controls are the key to decreasing the likelihood of a security risk.

I must complete this worksheet before moving on. The next course item will provide me with a completed exemplar to compare against my own work.

Scenario

I’m the first cybersecurity professional hired by a growing business. Recently, a deposit was made from the business to an unknown bank account. The finance manager says they didn’t make a mistake. Fortunately, they were able to stop the payment. The owner has asked me to investigate what happened to prevent any future incidents.

To do this, I need to perform some accounting on the incident to better understand what occurred. First, I will review the access log of the incident. Next, I will take notes that can help me identify a possible threat actor. Then, I will spot issues with the access controls that were exploited by the user. Finally, I will recommend mitigations that can improve the business’s access controls and reduce the likelihood that this incident reoccurs.

Access Controls Worksheet

Note(s) Issue(s) Recommendation(s)
Authorization / Authentication
  • I see in the Event log that “asmith” (employee ID 104) accessed the payroll folder on 2025-06-01 at 23:15 from IP 203.0.113.45, which is outside our normal office network.
  • Just two minutes later (23:17), “asmith” edited the bank-account field in the payroll spreadsheet. According to the Employee directory, asmith is listed as a Sales Representative – not Finance – so this modification is unexpected.
  • All employees share a single “Employee” role on the cloud drive, so non-finance staff (like sales reps) can view and modify payroll files. There is no role-based restriction.
  • There is no multi-factor authentication (MFA) or IP restriction on the cloud drive. That means anyone with valid credentials (even if they’re not in Finance) can log in from any location at any time and change sensitive data.
  • I recommend implementing role-based access control so that only users in the Finance department (e.g., Payroll Clerk, Finance Manager) have write (modify) permissions on payroll files. Sales, HR, and other departments should have read-only or no access to that folder.
  • I recommend enforcing multi-factor authentication for every user who accesses the cloud drive. In addition, I’d restrict login attempts to our office VPN IP range during business hours (e.g., 8 AM – 6 PM).
  • I also suggest setting up automated alerts for any modification attempt on the payroll spreadsheet made by someone not in Finance. That way, I (or the security team) can investigate immediately whenever a non-authorized user tries to edit.

Conclusion

By completing this worksheet, I have captured key event details, identified access control issues, and proposed actionable recommendations to prevent future incidents. Implementing role‐based controls, enforcing MFA, and setting up alerting will strengthen the business’s security posture.

← Back to Portfolio