Authentication, authorization and access controls can be handled at a multitude of levels and depths. Aventar now has doctors/facilities all over the United States that need to access the network and

Authentication, authorization and access controls can be handled at a multitude of levels and depths. Aventar now has doctors/facilities all over the United States that need to access the network and the customer information database/application, but there is a major concern about security.

You are to create a security plan discussing the implementation of the following concepts. Your plan should be at least 3 pages.

• How would you divide your application into anonymous, normal, privileged, and administrative areas? How could you reduce the attack surface by carefully mapping roles with data and functionality? Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries.
• How would you ensure that you perform access control checks related to your business logic? These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor.
• Address how you would handle errors, exceptions and other error handling issues.