Access Control Methods For Information Systems Term Paper

Introduction

In the field of information security, access control refers to the selective restriction of access to a resource. It is a security technique used to regulate who or what can use or view a resource within a computing environment. There are two main types of access control: logical and physical. Physical access control limits physical access to buildings and IT assets, while logical access control limits connections to computer networks, data, and system files (Younis, Kifayat, & Merabti, 2014). Access control systems are charged with performing identification, authorization, authentication, approval, access, and accountability of entities by using login credentials. Three main types of access control are discussed in this paper: mandatory access control, discretionary access control, and role-based access control.

Elements of Access Control

Mandatory access control (MAC) is a security strategy where only the administrator has the ability to determine access control. This means resource owners are restricted in their ability to deny or grant access to their resource objects within a file system (Younis et al., 2014). MAC criteria are strictly enforced by the operating system and cannot be altered by end users. Discretionary access control (DAC) is a security strategy where the owner of the file or object determines the subjects or individuals who can access the object (Choi, Choi, & Kim, 2014). This access control strategy is referred to as discretionary because control of access is determined at the discretion of the owner. Role-based access control (RBAC) is an access control strategy that is based on the roles of the individual users within an enterprise. The roles are mostly defined according to authority, job competency, and responsibility within the enterprise.

Positive and Negative Aspects of Each Access Control

The advantage of using MAC is that it provides tighter...

...

This ensures that only authorized individuals will have access to the resources and that an authorized individual can only access the resources that are within their clearance level. Another advantage is that MAC policies reduce security errors. This means that there are few instances of an individual being able to access a file that they are not authorized to access. The disadvantage of MAC is that the policy is more complex to manage. Only highly experienced systems administrators are able to work with MAC-enabled systems. Another disadvantage is that the model reduces the performance of the system, because the system has to check accesses and access rules before granting access to an individual.

The advantage of DAC is that it is easy to implement. This means that one can have a security policy set up quite easily without the need for much knowledge or understanding of information security. When using DAC, it is possible for a user to transfer ownership of an object to another user (Choi et al., 2014). The disadvantage of DAC is its inherent vulnerability to malicious programs: a process that executes a malicious program does so with the access rights of the user who started it.

RBAC has the advantage of reducing administrative work. When using RBAC, one is able to add and switch roles quickly and have them implemented globally across platforms, operating systems, and applications (Fadhel, Bianculli, & Briand, 2015). There is also a reduced potential for errors when assigning user permissions. RBAC also has the advantage of maximizing operational efficiency in that all the roles can be aligned with the organizational structure of the company. On the negative side, RBAC is prone to role explosion. In most instances, administrators will add roles to users, but they will not remove the roles when the user’s role changes.
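The three models discussed above, shown as decision functions in Python. This is an added example, not part of the original paper; the users, objects, labels, roles and the HR-derived `CURRENT_JOB_ROLES` table are constructed assumptions. The `audit()` function flags the leftover roles that the RBAC paragraph describes.

```python
# Added illustration; every name and value below is constructed sample data.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

# MAC: labels are set by the administrator; users and owners cannot change them.
CLEARANCE = {"alice": "secret", "bob": "confidential"}
CLASSIFICATION = {"payroll.db": "secret", "handbook.pdf": "public"}

def mac_can_read(user, obj):
    """Allow a read only when the object is within the user's clearance level."""
    clearance = CLEARANCE.get(user, "public")  # unlabeled users get the lowest level
    return LEVELS[clearance] >= LEVELS[CLASSIFICATION[obj]]

# DAC: each object has an owner, and the owner alone edits its access list.
class DacObject:
    def __init__(self, owner):
        self.owner, self.readers = owner, {owner}

    def _require_owner(self, actor):
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this object")

    def grant(self, actor, user):
        self._require_owner(actor)
        self.readers.add(user)

    def transfer(self, actor, new_owner):
        self._require_owner(actor)
        self.owner = new_owner
        self.readers.add(new_owner)

    def can_read(self, user):
        return user in self.readers

# RBAC: permissions attach to roles; users only ever receive roles.
ROLE_PERMS = {"hr_clerk": {"payroll:read"}, "engineer": {"repo:write"}}
USER_ROLES = {"carol": {"hr_clerk", "engineer"}, "dave": {"engineer"}}
CURRENT_JOB_ROLES = {"carol": {"engineer"}, "dave": {"engineer"}}  # assumed HR feed

def rbac_allowed(user, perm):
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))

def stale_roles(user):
    """Roles still assigned that the user's current job no longer calls for."""
    return USER_ROLES.get(user, set()) - CURRENT_JOB_ROLES.get(user, set())

def audit():
    """Map each user holding leftover roles to those roles, for review and removal."""
    return {u: sorted(stale_roles(u)) for u in USER_ROLES if stale_roles(u)}
```

Any program started by an object's owner calls `grant()` with the owner's identity, which is the DAC weakness described above; `mac_can_read()` is unaffected by such grants because its labels are outside the user's control.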

Possible Methods to Mitigate the Negative Aspects of Each Access Control Type…

References

Choi, C., Choi, J., & Kim, P. (2014). Ontology-based access control model for security policy reasoning in cloud computing. The Journal of Supercomputing, 67(3), 711-722.

Fadhel, A. B., Bianculli, D., & Briand, L. (2015). A comprehensive modeling framework for role-based access control policies. Journal of Systems and Software, 107, 110-126.

Kerr, L., & Alves-Foss, J. (2016). Combining Mandatory and Attribute-Based Access Control. Paper presented at the System Sciences (HICSS), 2016 49th Hawaii International Conference on.

Younis, Y. A., Kifayat, K., & Merabti, M. (2014). An access control model for cloud computing. Journal of Information Security and Applications, 19(1), 45-60.



Cite this Document:

"Access Control Methods For Information Systems" (2018, February 10) Retrieved April 25, 2024, from
https://www.paperdue.com/essay/access-control-methods-information-systems-2166975
