Wk 7

AccessControl.zip

Discussion21.docx

Security and technical drivers for having an access control policy

Among the security drivers for having an access control policy in place are the increasing cybersecurity threats. Organizations are well aware that relaxing on cybersecurity matters only endangers their informational and financial wellbeing, hence the need for an access control policy that dictates how the company regulates access to sensitive corporate data, company premises, and documents. The second driver is the need for a robust security culture within the organization. In the cybersecurity context, the security-related actions of employees largely dictate the security posture of an organization, as noted by Kayes et al. (2019). It is important for employees to have strong knowledge and understanding of how to protect their organization’s physical and information assets, and an access control policy ensures that an organization is able to educate its employees on what is expected of them.

The need to comply with access control regulatory standards, which require organizations to exercise a certain level of access control in order to maintain a consistent security posture, also drives the need for an access control policy. One of the technical drivers is the need for well-laid access control implementation guidelines that everyone in the organization can refer to, which subsequently calls for an access control policy, since the policy often covers these guidelines. Last but not least is the need for appropriate access control mechanisms that will meet an organization’s security needs; the correct identification of these mechanisms is achieved through an access control policy. One of the major tenets of an access control policy is the principle of least privilege, which addresses governance when assigning access to users. Another key tenet is the separation of duty (SOD) principle, which addresses the balancing of access privileges within the organization and seeks to reduce unauthorized access to or misuse of organizational assets (Preuveneers et al., 2018). There is also the principle of accountability, which seeks to establish responsibility amongst users across the organization with regard to access control behaviors.

References

Kayes, A. S. M., Han, J., Rahayu, W., Dillon, T., Islam, M. S., & Colman, A. (2019). A policy model and framework for context-aware access control to information resources. The Computer Journal, 62(5), 670-705. Retrieved from https://academic.oup.com/comjnl/article-abstract/62/5/670/5055357

Preuveneers, D., Joosen, W., & Ilie-Zudor, E. (2018). Policy reconciliation for access control in dynamic cross-enterprise collaborations. Enterprise Information Systems, 12(3), 279-299. Retrieved from https://www.tandfonline.com/doi/abs/10.1080/17517575.2017.1355985

Assignment11.docx

Spr-WK2.1

The information that one would be willing to share includes shopping habits, traveling history, and eating and drinking habits. From a legal perspective, these are not protected by the Privacy Act of 1974; moreover, they do not contain confidential, privileged information that may compromise an individual’s security. The Privacy Act of 1974 aims to protect privacy and individual rights (Clayton et al., 2019). Thus federal agencies are mandated to request information with full disclosure of purpose and expectations. The result of the federal legislation is the protection of information such as social security numbers, educational history, financial records, employment history, medical history, and criminal records (Clayton et al., 2019).

However, it should be noted that though federal agencies are not allowed to disclose personal information without consent, executive order, or court order, the records should only be maintained if they serve a relevant role within the agency (Hazel & Slobogin, 2021). Additionally, unless data is for federal statistical purposes, agencies must collect information that is practically applicable directly to the individual. Finally, the data collected should adhere to the specifications of the First Amendment to protect the public.

Information such as traveling history, eating or drinking habits, and shopping habits is habitual information that can be obtained from various sources such as social media. Social media platforms mainly collect the data to promote targeted marketing. Personal data on daily habits can allow access to multiple products or services that meet individual needs, hence the willingness to share. Additionally, such information is not protected by the Privacy Act of 1974. Finally, there is sufficient data supporting the effectiveness of personalized marketing in increasing consumer satisfaction and revenue generated. The notion is supported by Moe & Schweidel (2017), who have demonstrated the potential of social media and individual habit data. It adheres to legal requirements, and the participants are aware of the expectation.

References

Clayton, E., Evans, B., Hazel, J., & Rothstein, M. (2019). The law of genetic privacy: applications, implications, and limitations. Journal of Law and the Biosciences, 6(1), 1-36. https://doi.org/10.1093/jlb/lsz007

Hazel, J., & Slobogin, C. (2021). Who Knows What, and When?: A Survey of the Privacy Policies Proffered by U.S. Direct-to-Consumer Genetic Testing Companies. Cornell Journal of Law and Public Policy, 18(18). Retrieved 11 March 2021, from https://papers.ssrn.com/sol3/papers.cfm?full_id=3165765.

Moe, W., & Schweidel, D. (2017). Opportunities for Innovation in Social Media Analytics. Journal of Product Innovation Management, 34(5), 697-702. https://doi.org/10.1111/jpim.12405

BiometricSystemEvaluation.docx

Biometric System Evaluation

The advantages of the fingerprint biometric method are as follows. Security-wise, it is a great enhancement over identity cards and passwords. It is easy to use, since individuals no longer have to remember a password or risk being locked out when they do not have their ID. It is also non-transferable, which rules out the sharing of passwords and enables appropriate workforce monitoring. The disadvantages are system failure, which may happen when scanners experience technical faults or power outages, and exclusion: although fingerprints are always part of an individual, a section of the population is excluded due to disabilities. The advantage of retina scanning is that the retina is very stable, with minimal changes over a lifetime, so there is minimal probability of error whenever an identity is confirmed. The disadvantage is that it is very uncomfortable: the individual has to stare into a receptacle while an infrared light beam is shone at them, because of the high focus required (Corsetti, 2020).

The advantages of iris recognition are that no physical contact is needed during scanning, matching performance is accurate, and it is complex to spoof. The disadvantages are that it cannot use a regular camera, it generally requires close proximity to the camera, which may cause discomfort, and it has minimal value in criminal investigation. The advantage of hand geometry is that it can be used in the harshest and most punishing environments imaginable, while the disadvantage is that, because the hand is an external part of the human anatomy, it is exposed to harsh external surroundings that can alter its geometry. The demerits of typing tempo are errors and false positives, which may block access for legitimate users or permit access to unauthorized users. Its advantage is that the system can be tuned to adjust to varying typing styles and speeds. The benefit of signature analysis is high resistance to impostors, while its demerit is that it is prone to extremely high error rates, especially when a person’s signatures are inconsistent with one another. The advantage of voice recognition is that it enhances safety by eliminating agents from the processing of data, while its disadvantages are a lack of accuracy and misinterpretation (Dube et al., 2020).

References

Corsetti, B. (2020). Traceable and comparable evaluation methodology for biometric system usability. https://link.springer.com/chapter/10.1007/978-3-030-51369-6_51. Retrieved from https://e-archivo.uc3m.es/handle/10016/32237

Dube, A., Singh, D., Asthana, R. K., & Walia, G. S. (2020, December). A Framework for Evaluation of Biometric Based Authentication System. In 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS) (pp. 925-932). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/9315933/

Discussion11.docx

Discussion

In the organizational context, disasters mostly stem from human errors, natural events, and security breaches. Preventing disastrous occurrences is often a frustrating task for most organizations because most of these large-scale events happen without warning. Failure to have pre-established disaster prevention techniques in place may result in damage to valuable organizational equipment, devices and facilities, as well as interference with carefully laid organizational plans. One of the access control mitigation solutions for disaster prevention impacts is the environment monitoring access control system, which has features that enable an organization to gain access to real-time environmental information. Another mitigation solution for this challenge is having role-based access control systems in place, which aid in preventing disasters arising from employee errors and malicious parties.

Disaster recovery is often complex, particularly when the extent of the damage is beyond the average level. When the disaster recovery process is delayed, the aftermath ranges from the loss of sensitive mission-critical organizational data to the disruption of core business functions within the organization, which in turn leads to a ruined organizational reputation and significant revenue loss. Mitigating the impact of delayed disaster recovery can be aided by cloud-based access control systems, which provide organizations with remote access to crucial systems and data in case of downtime, and support the restoration of systems to normal functions in a timely fashion (El Sibai et al., 2020). It is important for organizations to manage customer access to data accordingly by regularly auditing and tracking this access, because failure to do so may create room for security loopholes that may expose an organization’s confidential data to hackers. Mitigating this impact can be aided by discretionary access control systems, which enable organizations to grant or revoke data access to customers under their control. Lastly, maintaining a competitive advantage may be a struggle for most organizations owing to the ever-increasing competition. For most organizations, their competitive advantage is mostly characterized by their intellectual property (IP). When this IP falls into the hands of a rival, an organization risks losing its competitive edge, and its financial posture may be compromised. This can be mitigated using mandatory access control systems, which seek to cushion organizations’ IP data from unauthorized changes and access (Senseon, 2020).

References

El Sibai, R., Gemayel, N., Bou Abdo, J., & Demerjian, J. (2020). A survey on access control mechanisms for cloud computing. Transactions on Emerging Telecommunications Technologies, 31(2), e3720. Retrieved from https://onlinelibrary.wiley.com/doi/abs/10.1002/ett.3720

Senseon (2020). Understanding Access Control Systems. Retrieved from https://www.senseon.com/access-control/