The four major areas one must  consider when collecting and writing security requirements documents ar

The four major areas one must  consider when collecting and writing security requirements documents are;

User Management, Data Management, Access Control and Auditing

However, select (1) of the following major areas and develop a report to management outlining and identifying the specific questions that would need to be asked and addressed in order to determine that adequate access controls are in place to mitigate the inherent risks associated with these major areas.

Please be sure that your response not only lists the specific questions to be asked but, that you also identify which type of access control (see list below) that each question is designed to assess.

Access Controls

• Administrative controls: Policies approved by management and passed down to staff, such as policies on password length.
• Logical/technical controls: Control access to a computer system or network, such as a username and password combination
• Hardware controls: Equipment that checks and validates IDs, such as a smart-card for or security token for multifactor authentication.
• Software controls: Controls embedded in operating system and application software, such as NTFS permissions.
• Physical controls: Control entry into buildings, parking lots, and protected areas, such as a lock on an office door.