Answered You can buy a ready-made answer or pick a professional tutor to order an original one.

QUESTION

Assignment 3 Evaluating Access Control Methods

Imagine that you are the Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization's current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.

Write a three to five page paper in which you:

  1. Explain in your own words the elements of the following methods of access control:
    1. Mandatory access control (MAC)
    2. Discretionary access control (DAC)
    3. Role-based access control (RBAC)
  2. Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
  3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
  4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
  5. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
  6. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Show more
  • @
  • 165 orders completed
ANSWER

Tutor has posted answer for $30.00. See answer's preview

$30.00

****************** ****** Control ************* Information ********** ***** *** ControlNovember ** 2016  AbstractImagine *** *** ** *********** System ******** Specialist *** * medium-sized federal ********** contractor *** Chief ******** ******* ***** is ******* **** *** **************** ******* methods ** ****** ******* are ** ****** ********** ** ***** ** ******** *** different ******* ** ****** ******* *** *** has requested * ****** ********* ********* ****** control (MAC) ************* ****** ******* ***** *** ********** ****** ******* (RBAC) The *** has ***** that *** report include ******** and ******** ******* ** **** control ************************************************ Access Control ********** ******* **** ********* *** ************ ********** ** ****** ** ************ ***** to utilize a process ** ********* only necessary access *** * ****** to ** ***** *** and remove *** *********** ********** **** ******* ** *** ********* ** ***** ********* ********** *** identifying *** ******** process ************ (BPR’s) of a ****** **** ***** the ********* and *** functions ******** ** ******** * ******* ********* *** three ******* of ***** ****************** ****** ******* (MAC) ********** ************* base access ** classifications *** **** ********* ******* ** ** access are ***** a ************** *** ******** **** ******** *** **** given * classification *** ******** ***** **** *** classification *** *** **************** *** example clearance level **** *** ******* ** ****** ****** to *** object ******* this ***** *** ****** ** an ****** *** ******* ********** *** ********** ** **** ** ** ********* ****** ******* *** ************* ************ *** ********* ***** has ******* * ******** ********* *** the **** ******** *************** ** ********* ********* *** ************** ****** Typically * ********* ******* ** used **** ** *** ************ Basis rule This rule requires the ****** ********** ****** to ** ****** ***** * **** ** *********** for ***** *** ** access the ****** **** ** **** ****** *** ***** flexible ****** ** ****** ******* and it ******** significant ******** *** ******** ******* maintenance(JayantD Swapnaja A Sulabha * &Dattatray * ******************** ****** ******* ***** ****** ** based upon groups ****** ***** ************** ***** to ***** based upon ***** ********** **** ****** the greatest *********** and ******** *** least ****** ** ******* *********** however ** ******** * **** inconsistent method ** ****** ** *** example ** ******* ******** many users ******* access ***** ***** ** * **** disparity ** ****** **** **** **** ******* to users ******** Swapnaja A ******* S ************** G *************** ****** ******* ****** ****** ** ********** ***** upon * ******** *** ******** * **** ** ***** *********** ** functions in * ****** **** * **** is added to a **** to ****** **** ** ******** ***** *** functions Generally ** ****** ******* **** (ACL) ** ********** **** ***** and permissions ***** **** *** title **** method ******** * balanced ******** to access ******* ******* *** **** *** least privilege ***** ********* a ******** ****** ** ****** ** maintain ** ******** a ****** ****** level for the initial build of **** method This ****** ** ****** **** ** *** commercial non-governmental industries(Galante 2009) Suggest ****** ***** **** ** * ********** organization ***** most ****** will **** ** maintain access ******** ***** upon security ********* ************ *** ********* ****** ******* ***** ****** ** *** most *********** ************ **** * ********* ************ **** ***** provide flexibility ***** requiring ****** ***** ******************** ********* access ******* ***** **** have ************* ** the **** *********** **** ** ********* objects the appropriate ************** *** category ********* *********** ********** *** input **** *** organization’s ************ Assigning * ************** ***** grants ****** ** * user *** ****** *** have access ***** have *********** consequences imaging * *** clearance level ********** ********** ****** ****** ** a *** secret object ReferencesGalanteV *************** Role-Based ****** ****************** Security ******** A ****** **************** ***** ************************************ ******** AU ******* SA ************** ** ****** ******** of *** *** **** ****** ******* ***** Models for ********************* ******* ** Computer ****************** 6-13 doi:105120/18196-9115Weiss * * ***** ******* M G (2011)Auditing ** *************** *** ********** ******* *** ***** ***** Bartlett **********

Click here to download attached files: Evaluating Access Control Methods.docx
or Buy custom answer
LEARN MORE EFFECTIVELY AND GET BETTER GRADES!
Ask a Question