Evaluating Access Control Methods

Question Description

Assignment 3: Evaluating Access Control Methods

Imagine that you are the Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization's current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.

Write a three to five page paper in which you:

  1. Explain in your own words the elements of the following methods of access control:
    1. Mandatory access control (MAC)
    2. Discretionary access control (DAC)
    3. Role-based access control (RBAC)
  2. Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
  3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
  4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
  5. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
  6. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Final Answer



Evaluating Access Control Methods
Access control involves the mechanisms that govern how principals access system resources: which files they are allowed to read, which programs they may execute, and how they share data with other entities in the system. In essence, it entails regulating access to system resources after authorization of the user account, authentication of the user's identity, and approval of the access to the system. The objective of access control is to preserve the integrity and confidentiality of the system's information as well as its availability. Access control ensures that subjects receive only useful permissions. This paper examines the core elements of mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC), as well as the challenges each presents and strategies to address them.

Mandatory Access Control (MAC)

This is the strictest and most fundamental of all the access control mechanisms. MAC essentially incorporates a hierarchical mechanism that regulates access to the resources in the system. Under this access control method, access to system resources is controlled by establishing control m...
