You are the chief information security officer for a small company. You are asked to design appropriate controls for the payroll and inventory management systems. Following is a list of users and the types of activities each group wants to be able to perform:
User Group
Desired Privileges Sales Officer Read records in the inventory master file
Inventory control Officer
Read, create, modify and delete inventory file records Payroll clerk Read and modify payroll file records
HR manager
Read, create, modify and delete payroll file records Payroll programmer Process payroll records, read payroll file and payroll transaction file records
Inventory manager
Process inventory records, read both inventory file and inventory transaction file records Yourself Perform all possible actions on all files Operations Manager Read and modify files Messenger Can’t perform any function in the system
CEO Read, create, modify and delete all files
Required:
a. Develop your own codes for access rights and create an Access Control Matrix that gives each user group its desired level of access to each file.