Do you know infrastructure?

hugoginlelhawk
SafeAssignOriginalityReport.html

CIS349007PA037-1178-001 - Info Tech Audit and Control

Week 6 Assignment 3 - Submit Here

Harry Bard on Wed, Nov 15 2017, 7:07 PM 34% highest match Submission ID: 8bf9c807-af0d-492f-a94c-a475933303d0
  • Assignment 3 Evaluating access control methods.docx

    Word Count: 1,061

    Attachment ID: 188247019

    34%

Citations (9/9)

  1. Another student's paper
  2. Another student's paper
  3. Another student's paper
  4. Another student's paper
  5. Another student's paper
  6. Another student's paper
  7. http://www.vldb.org/dblp/db/indices/a-tree/b/Bonatti:Piero_A=.html
  8. ProQuest Document
  9. Another student's paper
Running head: 1 EVALUATING ACCESS CONTROL METHODS EVALUATING ACCESS CONTROL METHODS 6

Suspected Entry: 80% match Uploaded - Assignment 3 Evaluating access control methods.docx EVALUATING ACCESS CONTROL METHODS EVALUATING ACCESS CONTROL METHODS 6 Source - Another student's paper EVALUATING ACCESS CONTROL METHODS 1 EVALUATING ACCESS CONTROL METHODS 2 2 Evaluating access control methods Harry Bard Prof.

Suspected Entry: 68% match Uploaded - Assignment 3 Evaluating access control methods.docx Evaluating access control methods Harry Bard Prof Source - Another student's paper Evaluating Access Control Methods Darrell Johnson Prof Khary Nickson CIS 349 11/16/17 3 Explain in your own words the elements of the following methods of:

Suspected Entry: 87% match Uploaded - Assignment 3 Evaluating access control methods.docx Explain in your own words the elements of the following methods of Source - Another student's paper Explain in your own words the elements of the following methods of access control MAC, DAC, and RBAC Mandatory Access Control (MAC) MAC is a type of security control where it can only be managed by an administrator. MAC is most commonly used in systems which need confidentiality. Basically, it relies on the classification level hence even if a user has a classification level, then it is not an assurance that they have the right to have an access to everything (Osborn, 1997). 3 Therefore, this means that each user is given is given a similar classification level to a device in the system.

Suspected Entry: 62% match Uploaded - Assignment 3 Evaluating access control methods.docx Therefore, this means that each user is given is given a similar classification level to a device in the system Source - Another student's paper Each user and device on the system is assigned a similar classification along with a clearance level However, it is important to note that MAC needs careful planning and frequent observation so as to keep updating the objects and the users.
It is also difficult in implementing and to program. Discretionary Access Control (DAC) This type of control system gives the owners full control of the objects that they were given full control and access to. Therefore, the owners are given the power to control their data. After empowerment, the owners can then modify access control to their liking. For example, an owner can grant or give access to files. However, DAC is difficult in auditing. This is because it contains a large volume of log entries. In addition to that, it is dependent on owner’s security resources (Andress, 2014). Role-Based Access Control (RBAC) This is a method that can be used in executing discretionary access control. RBAC is important since it expresses how information can be accessed by a specified owner or user. Even though an individual may be having one role in the organization, he/she can be given an access to other roles. However, this model is inflexible since an individual can only be given the access to the data system based on their roles (Bertino, Bonatti, & Ferrari, 2001). 3 Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC The following explanations provide the comparison and contrast of the positive and negative aspects of employing MAC, DAC, and RBAC.

Suspected Entry: 64% match Uploaded - Assignment 3 Evaluating access control methods.docx Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC The following explanations provide the comparison and contrast of the positive and negative aspects of employing MAC, DAC, and RBAC Source - Another student's paper Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC · The positive aspect of employing MAC- user is given an access to the resources by an administrator. A system administrator gives a user the permission to objects and resources (Osborn, 1997).
· The Negative aspect of employing MAC- it requires careful planning and frequent observation so as to keep updating the object and account labels. 4 · The positive aspect of employing DAC- gives permission to users to control the access to their data.

Suspected Entry: 62% match Uploaded - Assignment 3 Evaluating access control methods.docx · The positive aspect of employing DAC- gives permission to users to control the access to their data Source - Another student's paper DAC allows users to control access to their own data It is more flexible as compared to MAC · The negative aspect of employing of DAC- since each user is has a controlled access to their data it means that the risk giving access to other users increases. · The positive aspect of employing RBAC- it gives permission to roles and is assigned to the roles. · The negative aspect of employing RBAC- users cannot be given permissions above the roles that they have been given (Bertino, Bonatti, & Ferrari, 2001). 5 Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC There are various ways that can be used in mitigating negative aspects of MAC, DAC, and RBAC.

Suspected Entry: 71% match Uploaded - Assignment 3 Evaluating access control methods.docx Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC There are various ways that can be used in mitigating negative aspects of MAC, DAC, and RBAC Source - Another student's paper The best methods that can be used to mitigate the negative aspects of MAC, DAC, and RBAC Various best practices can be used to reduce issues of MAC, DAC, and RBAC For MAC, its negative aspects can be reduced when it is used with another paradigm. 6 The negative aspects of DAC can be reduced or eradicated through employing the use of active access control.
Suspected Entry: 63% match Uploaded - Assignment 3 Evaluating access control methods.docx The negative aspects of DAC can be reduced or eradicated through employing the use of active access control Source - Another student's paper The negative aspects of DAC can be mitigated by employing the use of reactive access controls On the other hand, the negative aspect of RBAC can be reduced if the users are given an access to take on the roles that they want to use (Bertino, Bonatti, & Ferrari, 2001). 3 Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization.

Suspected Entry: 99% match Uploaded - Assignment 3 Evaluating access control methods.docx Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization Source - Another student's paper Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization Provide a rationale for your response With MAC environment, the organization will have to hire additional personnel who will help in supervising of the high system management as well as ensuring that the objects and labels are kept up to date (updating). Therefore, MAC will help the organization in ensuring that they protect their system from any Trojan attack. DAC will also permit and allow the users to have full control of the system despite the fact that this will expose the system to threats from Trojan attack (Andress, 2014). On the other hand, RBAC will basically protect the system of the organization from threats and attack from Trojan attack. In addition to that, the users will be able to undertake their roles without any threats (Bertino, Bonatti, & Ferrari, 2001). 3 Therefore, I think I would recommend the use of RBAC as the best method for the organization.
Suspected Entry: 76% match Uploaded - Assignment 3 Evaluating access control methods.docx Therefore, I think I would recommend the use of RBAC as the best method for the organization Source - Another student's paper I would recommend the RBAC to the the best method for the organization Speculate on the foreseen challenge(s) when the organization applies the method you chose.

Suspected Entry: 99% match Uploaded - Assignment 3 Evaluating access control methods.docx Speculate on the foreseen challenge(s) when the organization applies the method you chose Source - Another student's paper Speculate on the foreseen challenge(s) when the organization applies the method you chose Suggest a strategy to address such challenge(s) Organizations can come up with a list of roles for different users and departments. This is a foreseeable challenge that may come along with the use of RBAC. It may be hard to know the effective personnel who will be assigned to his/her role and to identify the applications that will be used in the system (Bertino, Bonatti, & Ferrari, 2001). The approach that I would use is to let the members of the department choose the roles that they think they are expert in that area. Another approach is that the IT personnel should come up with the list of applications that are needed and are effective for each department. After all the applications are provided, the human resource department can then give a detailed description of each department so that members can assign themselves to their roles. References Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress. Bertino, E., Bonatti, P. A., & Ferrari, E. (2001). TRBAC: 7 A temporal role-based access control model.
Suspected Entry: 99% match Uploaded - Assignment 3 Evaluating access control methods.docx A temporal role-based access control model Source - http://www.vldb.org/dblp/db/indices/a-tree/b/Bonatti:Piero_A=.html A temporal role-based access control model 8 ACM Transactions on Information and System Security (TISSEC), 4(3), 191-233.

Suspected Entry: 73% match Uploaded - Assignment 3 Evaluating access control methods.docx ACM Transactions on Information and System Security (TISSEC), 4(3), 191-233 Source - ProQuest Document ACM Transactions on Information and System Security, 4 (3), 224-274 Oh, S., & Park, S. (2003). 7 Task–role-based access control model.

Suspected Entry: 76% match Uploaded - Assignment 3 Evaluating access control methods.docx Task–role-based access control model Source - http://www.vldb.org/dblp/db/indices/a-tree/b/Bonatti:Piero_A=.html A temporal role-based access control model Information systems, 28(6), 533-562. Osborn, S. (1997, November). 1 Mandatory access control and role-based access control revisited.

Suspected Entry: 100% match Uploaded - Assignment 3 Evaluating access control methods.docx Mandatory access control and role-based access control revisited Source - Another student's paper Mandatory access control and role-based access control revisited In Proceedings of the second ACM workshop on Role-based access control (pp.

Suspected Entry: 100% match Uploaded - Assignment 3 Evaluating access control methods.docx In Proceedings of the second ACM workshop on Role-based access control (pp Source - Another student's paper In Proceedings of the second ACM workshop on Role-based access control (pp 31-40). ACM. 9 Sandhu, R., & Munawer, Q.

Suspected Entry: 100% match Uploaded - Assignment 3 Evaluating access control methods.docx Sandhu, R., & Munawer, Q Source - Another student's paper Sandhu, R., & Munawer, Q (1998, October). 9 How to do discretionary access control using roles.
Suspected Entry: 100% match Uploaded - Assignment 3 Evaluating access control methods.docx How to do discretionary access control using roles Source - Another student's paper How to do discretionary access control using roles In Proceedings of the third ACM workshop on Role-based access control (pp.

Suspected Entry: 100% match Uploaded - Assignment 3 Evaluating access control methods.docx In Proceedings of the third ACM workshop on Role-based access control (pp Source - Another student's paper In Proceedings of the third ACM workshop on Role-based access control (pp 47-54). ACM.