Get Instant Help From 5000+ Experts For
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
myassignmenthelp.com
loader
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
wave
Assessment on Outsourcing SOC to MSSP: Identity and Access Management Issues

Identity and Access Management Issues in Outsourcing SOC to MSSP

A government agency has hired you, “the information security consultant,” to perform an initial assessment (as a part of the due diligence) on a new initiative they are required to take on. This initiative will involve a strategic partnership with a Managed Security Services Provider (MSSP). The government agency will be outsourcing their security operations center (SOC) to the MSSP. The outsourced SOC will be responsible to manage all security incidents pertaining to the government agency and will be the first point of contact for all such incidents. The SOC also will also perform Identity and Access provisioning for the agency’s employees and as such will need privileged access to the agency’s critical access and data. As a part of the due diligence, the senior management is interested to know the following as it pertains to asset and access management: Discuss the identity and access management issues that might arise due to the nature of the above engagement. Discuss the role that asset and data classification will play in determining what information will the MSSP be allowed to access and how that determination is made. Discuss how you will ensure that the MSSP complies with the best practices around identity and access provisioning lifecycle. How will a determination be made as to what authorization mechanisms will be used for the MSSP users that access the agency’s assets/data? (RBAC, Rule-based, MAC, DAC). What considerations need to be discussed to prevent or mitigate access control attacks?

support
close