Evaluating Access Control Methods

User Generated

QVNZBAQPW

Computer Science

CIS 349

Description

Evaluating Access Control Methods

Imagine that you are the Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization's current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.

Write a three to five page paper in which you:

  1. Explain in your own words the elements of the following methods of access control:
    1. Mandatory access control (MAC)
    2. Discretionary access control (DAC)
    3. Role-based access control (RBAC)
  2. Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
  3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
  4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
  5. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
  6. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Analyze information security systems compliance requirements within the User Domain.
  • Use technology and information resources to research issues in security strategy and policy formation.
  • Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: EVALUATING THE ACCESS CONTROL SYSTEM

Evaluating the Access Control System
Student’s Name
Professor Name
Course Title
Date

1

EVALUATING THE ACCESS CONTROL SYSTEM

2

Evaluating the Access Control System
Access control systems are one of the valuable and crucial assets of an organization.
Advancement in technology and expansion of the internet has led to a significant growth of
numerous online businesses. Today, nearly all organization operations are done over the
internet. Staffs within an organization are now using the internet to communicate and share
information amongst them. Organizations have become more dependable in their
information systems; they are using information systems to save their data since Information
is the most valuable and vital business asset.
However, advancement in technology and an increase in the use of the internet
have also led to the emergence of new security threats, (Coull 2011). Malicious code, denial
of service, virus and computer hacking are becoming more common, ambitious and
sophisticated. Hackers are using malicious programs that can be inadvertently installed on a
user’s machine and phishing staffs’ confidential information. The previous security measures
aren’t adequate to keep organization information and resources safe. Businesses and
organization are still looking for new methods to avoid and evade security threats. In my
essay, have analyzed three access control systems that can be implemented in an organization
to ensure that organizations’ information and resources are appropriately protected from any
unauthorized personnel s.
Coull (2011), defines security as a state of being secure, that is free from any harm.
Information security refers to implementing actions and procedures that prevent and protects
an organization from adverse consequences which results from the unwanted and intentional
actions of others. Organization information and resources must be protected from
unauthorized access and use, disruption, disclosure, destruction or modification of
information to provide availability, consistency, integrity, and confidentiality of organization

EVALUATING THE ACCESS CONTROL SYSTEM

3

information. Availability of information ensures timely and reliable access to and use of
in...


Anonymous
Great content here. Definitely a returning customer.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags