Introduction
In the field of information security, access control refers to the selective restriction of access to a resource. It is a security technique that is used to regulate who or what can use or view a resource within a computing environment. Basically, there are two main types of access controls namely logical and physical. Physical access control will limit the physical access to buildings, and IT assets, while logical access will limit connection to computer networks, data, and system files (Younis, Kifayat, & Merabti, 2014). Access control systems are charged with performing identification, authorization, authentication, approval, access, and accountability of the entities by using login credentials. There are three main types of access control that will be discussed in this paper namely mandatory access control, discretionary access control, and role-based access control.
Elements of Access Control
Mandatory access control (MAC) is a security strategy where only the administrator has the ability to determine access control. This means resource owners will be restricted in their ability to deny or grant access to their resource object within a file system (Younis et al., 2014). MAC criteria are strictly enforced by the operating system and cannot be altered by the end users. Discretionary access control (DAC) is a security strategy where the owner of the file or object will determine the subjects or individual who can access the object (Choi, Choi, & Kim, 2014). This access control strategy is referred to as discretionary because control of access is determined at the discretion of the owner. Role-based access control (RBAC) is an access control strategy that is based on the roles of the individual users within an enterprise. The roles are mostly defined according to authority, job competency, and responsibility within the enterprise.
Positive and Negative Aspects of Each Access Control
The advantages of using MAC is it provides tighter...
References
Choi, C., Choi, J., & Kim, P. (2014). Ontology-based access control model for security policy reasoning in cloud computing. The Journal of Supercomputing, 67(3), 711-722.
Fadhel, A. B., Bianculli, D., & Briand, L. (2015). A comprehensive modeling framework for role-based access control policies. Journal of Systems and Software, 107, 110-126.
Kerr, L., & Alves-Foss, J. (2016). Combining Mandatory and Attribute-Based Access Control. Paper presented at the System Sciences (HICSS), 2016 49th Hawaii International Conference on.
Younis, Y. A., Kifayat, K., & Merabti, M. (2014). An access control model for cloud computing. Journal of Information Security and Applications, 19(1), 45-60.
" (Tolone, Ahn, Pai, et al. 2005 P. 37). Table 1 provides the summary of the evaluation of various criteria mentioned in the paper. The table uses comparative terminology such as High, Medium and Low and, descriptive terminology such as Active, Passive, and Simple, and the standard Yes (Y) and No (N). The research provides the solutions based in the problems identified with the access controls evaluated. Table I: Evaluation of Access
Information Systems Outsourcing Advantage and Risks There appears to be some confusion and trepidation about the use of outsourcing for Information Systems in today's organizations. While some advocate for the use of IS outsourcing still others state claims that it is not an effective or efficient organizational practice. The objective of the research contained in this study is to determine the effectiveness and efficiency of information systems outsourcing practices. The significance of the
Information System MIS stands for "Management Information System." It is one of the computer-based tools to manage organizational operations efficiently. It consists of software that managers' use in making decision, for data storage, in project management applications, for records and procedures for making customers relations etc. Nowadays most of the organizations have separate MIS department which is basically responsible for computer systems. MIS is also called "Information System" or "Information Technology."
Access controls are widely used today. Can you discuss some controls that have had a great degree of success? Which ones if any are not very useful and why? Although access controls on television, such as the V-chip, have met with mixed responses, on the Internet, richer labeling selection systems such as PICS, or Platform for Internet Content Selection, have "been able to establish Internet conventions for label formats and distribution
First, as Personal Trainer expands globally, the system will be available through web browsers anywhere in the world. Second, the ease of completing system upgrades across all users at the same time needs to be taken into consideration, and the use of the Web-based system architecture hosted on a Software-as-a-Service (SaaS) platform is critical. Third, by taking this approach Susan can b e assured there will be higher levels
These certificates are issued by the certification authorities (CAs) and they contain the name, expiration dates as well as serial numbers of the certificates. OS Hardening Operating system hardening is the process of addressing the various security issues and vulnerabilities in a given operating system via the implementation of the latest Operating system patches, updates, hotfixes as well procedures and policies that are necessary for reducing the number of attacks as well
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now