Premium Essay

Unit 3 Discussion 1: Access Control Models

In: Computers and Technology

Submitted By ahilliker
Words 407
Pages 2
Scenarios:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Discretionary Access Controls should be used in this scenario because the company is small and not in need of high security environment. This solution is the simplest to maintain and monitor for a small business.
2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smart phones. Mandatory Access Controls should be used in this scenario because the employees primarily communicate using smart phones, which opens up a security risk. Mandatory Access Controls are a step up stronger than Discretionary Access Controls, but are still relatively simple to monitor for a small business.
3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smart phones and e-mail. Many employees work from home and travel extensively. Role Based Access Control should be used in this scenario because this is a large company with employees who travel and work from home. The roles should be controlled by a Security Administrator who could provide different levels of security to individual users. There would be some overhead in startup to get up and running but once in place this should be easy to manage.
4. Backordered Parts is a defense contractor that builds communication parts for the military. All employees communicate using smart phones and e-mail. Content-Dependent Access Controls should be used in this scenario since the company is manufacturing individual parts. Managing permissions based on the contents of each file is more time consuming and thus costly, but is also a lot more secure. This also allows the company to put less effort into monitoring data since each file is given its own…...

Similar Documents

Premium Essay

Unit 3 Discussion 1: Access Control Models

...Unit 3 Discussion 1: Access Control Models Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and not in need of higher security measures, it would be the easiest to maintain and monitor for a small business. Scenario 2: (MAC) Mandatory Access Control. The employees primarily communicate using smartphones; which proves as a possible security risk. MAC is stronger than DAC but, still easily monitored for a small business; which makes this the top choice for Top Ads. Scenario 3: (RBAC) Role Based Access Control. With the company being as large as it is and the employees traveling and/or working from home, the roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing but, once the security measures are in place it would be easy to monitor and to manage. Scenario 4: Content-Dependent Access Control. Since everything that the company does depends on the individual material being manufactured the above Access Control type should be apparent. Giving permissions by what is contained in each individual file is more costly but, a lot more secure. It also allows the company to monitor the data sent less as each document is given its own set of roles. Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security measures would be assigned to each user and monitored by the security administrator(s). Using this......

Words: 295 - Pages: 2

Premium Essay

Week 5 Nt 2580

...Week 3 Course Lesson Plan IT2580 Introduction to Information Systems Security—Unit 3 Mr. Phillip Parrinelli pparrinelli@itt-tech.edu 619-327-1800 Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective Explain the role of access controls in implementing security policy. Key Concepts The authorization policies applying access control to systems, application, and data The role of identification in granting access to information systems The role of authentication in granting access to information systems The authentication factor types and the need for two- or three-factor authentication The pros and cons of the formal models used for access controls Reading Kim and Solomon, Chapter 5: Access Controls. GROUP ACTIVITY Discuss and complete the following worksheet: ------------------------------------------------- IT2580: Unit 3 Types of Authentication Instructions: In the following table, identify the type of authentication for the given authentication methods. Authentication Method | Authentication Type (Knowledge, Ownership, or Characteristic) | Password | | Smart card | | Fingerprint | | Personal identification number (PIN) | | Token | | Badge | | Signature | | ------------------------------------------------- DISCUSSION ------------------------------------------------- IT2580: Unit 3 Access Controls Discussion: Access controls can be...

Words: 716 - Pages: 3

Premium Essay

Asd Rtg

...Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective  Explain the role of access controls in implementing security policy. Key Concepts  The authorization policies applying access control to systems, application, and data  The role of identification in granting access to information systems  The role of authentication in granting access to information systems  The authentication factor types and the need for two- or three-factor authentication  The pros and cons of the formal models used for access controls Reading  Kim and Solomon, Chapter 5: Access Controls. Keywords Use the following keywords to search for additional materials to support your work:  Biometrics  Content Dependent Access Control  Decentralized Access Control  Discretionary Access Control  Kerberos  Mandatory Access Control  Remote Authentication Dial In User Service (Radius)  Role-Based Access Control  Security Controls  Secure European System for Applications in a Multi-Vendor Environment (SESAME)  Single Sign-on  Terminal Access Controller Access-Control System (TACACS) ------------------------------------------------- Week 3 Discussion * Access Control Models * Unit 3 Access Control Models (lT255.U3.TS2) Lab * Enable Windows Active Directory and User Access Controls Assignment * Remote Access......

Words: 542 - Pages: 3

Premium Essay

Cryptography Methods

...Unit 3 Discussion 1: Access Control Models 1. Select an access control model that best prevents unauthorized access for each of the five scenarios given in the worksheet 2. Which types of logical access controls should be used in each scenario? Justify your recommendations. Scenario 1. - Discretionary access controls I s a small company consisting of 12 computers only DAC allows each user to control access to their own data and is typically the default access control mechanism for most desktop operating systems. Scenario 2.-Role-based access control Because RBAC is based on a user's job function within the organization to which the computer system belongs. Scenario 3.-Mandatory access controls Because how big is the company MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (such as data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. Scenario 4.- Mandatory access control The design of MAC was defined, and is primarily used by the government. Scenario 5.- Mandatory access control Because all access to resource objects is strictly controlled by the......

Words: 452 - Pages: 2

Free Essay

Rural Sourcing Workshop

...Director Selim Reza Hasan – Director of Prog Design Unit (first hour) Mishael Aziz Ahmad – Technical Coordinator Bishwajit Kumar Paul – Prog Manager Masud Alam Khan – FSUP team leader Facilitator: Kate Ives Agenda Time | Session | Facilitation | 09.30-09.40 | 1. Introduction and objectives | Kate | 09.40-10.00 | 2. Summary of findings | ppt slides (Kate) | 10.00-11.30 | 3. Discussion points and next steps | Group | Meeting notes Session 1 | Introduction | Kate | Objectives of the session are to reflect on lessons learned from rural sourcing programming after these first 4 years. Second, we want to discuss ways to deepen quality and sustainability in the future. | Session 2 | Summary of findings | Slide 4: Drivers * A point of clarification was added: access to resources also means control of resources. * The group discussed the meaning of “access to markets”, and defined restricting factors as: physical mobility (infrastructure and geographic restrictions such as those facing the chor areas), social mobility (gender-based constraints on leaving the home), fear of violence, women’s workload, and health. * There was a suggestion to refer more directly to the rural impact statement for appropriate language, and to refer to the agency/structure/relationships model. Slide 5 * It was suggested that ongoing monitoring be added to the process outlined above. * There was discussion around the importance of conducting an......

Words: 1333 - Pages: 6

Premium Essay

Computer Networking

...organization. The program prepares graduates to address various users’ needs involving the selection, development, application, integration and management of computing technologies within an organization Course Title: Free Elective II (Information Assurance and Security) Course Description: This course provides a broad view of information assurance and security and its major subjects: protection of information assets; access to information system; hacking legislation and industrial standards. In addition this course will serve as a guideline for students to make their course selections. Course/Year and Section: BSIT 4A-4D Duration/Term: 2ndSemester, AY 2015-2016 Course Meeting: No. of Units: 3 units lecture No. of Hours: 3 hours Pre-requisite/s: none Student Learning Outcome (CMO No. 25 Series of 2015): The graduates must have the ability to: 1. Articulate and discuss the latest developments in the specific field of practice. 2. Effectively communicate orally and in writing using both English and Filipino 3. Work effectively and independently in multi-disciplinary and multi-cultural teams. 4. Act in recognition of professional, social, and ethical responsibility 5. Preserve and promote “Filipino historical and cultural heritage” 6. Analyze complex problems, and identify and define the computing requirements needed to design an appropriate solution 7. Apply computing and other knowledge domains to address......

Words: 1777 - Pages: 8

Premium Essay

Informative

...Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT COPY 103 Graded Assignment Requirements 104 Unit 1 Discussion 1: Importance of Security Policies 105 Unit 1 Assignment 1: Security Policies Overcoming Business Challenges 107 Unit 2 Discussion 1: Risk Mitigation 108 Unit 2 Assignment 1: Good Policy Implementation 109 Unit 3 Discussion 1: Business Considerations 110 Unit 3 Assignment 1: Security Policy Frameworks 111 Unit 4 Discussion 1: Separation of Duties (SOD) 112 Unit 4 Assignment 1: Security Policy Creation 113 Unit 5 Discussion 1: Best Practices for User Policies 114 Unit 5 Assignment 1: Create User Policy 115 Unit 6 Discussion 1: IT Infrastructure Security Policies 117 Unit 6 Assignment 1: IT Infrastructure Policies 118 Unit 7 Discussion 1: Business Impact Analysis (BIA), Business Continuity Plan (BCP), and Disaster Recovery Plan......

Words: 18421 - Pages: 74

Premium Essay

It Project Management

...Development) • (Web Systems Development) BSc/BSc (Hons) Information Technology Management for Business BSc (Hons) Computer Games (Design) BSc/BSc (Hons) Cyber Security and Networks BSc/BSc (Hons) Networked Systems Engineering IT PROJECT MANAGEMENT 1 module code M3G405252 MODULE HANDBOOK – TRIMESTER A SESSION 2015/2016 Module Code: M3G405252 Module Title: IT PROJECT MANAGEMENT 1 Standard Module Abbreviation: ITPM1 Module Level: 3 Credit Points: 20 Module Leader: Edwin Gray, Office: M609, email:e.gray@gcu.ac.uk September 2015 Issue 1 01/09/2015 Edwin M Gray, BA, MSc, MBCS, CITP, CPSSADM Contents Page 1 Introduction 3 2 Module Overview 3 3 Module Descriptor 4 4 Module Assessment 7 5 Feedback 10 6 Indicative Reading 10 7 The Library, Saltire Centre 11 8 Learning Material Supplied By Module Leader 12 9 Module Delivery Structure 12 10 Learning and Teaching Plan 14 M3G405252 IT PROJECT MANAGEMENT 1 INTRODUCTION This handbook gives details of the module content, teaching schedule, recommended reading, assessment and feedback strategies used for students undertaking the module IT Project Management 1 (M3G405252 (old code: COMU350) Module Leader contact details: Eddie Gray, M609, (e.gray@gcu.ac.uk) Programmes Taking This Module This module’s host programmes are: • P01627 BSc/BSc (Hons) Computing (Information Systems Development) • P00249......

Words: 3307 - Pages: 14

Premium Essay

Strategic Management

...UNIT 1 i Overview of strategic management Unit 1 BMG 303/05 Strategic Management Overview of Strategic Management ii WAWASAN OPEN UNIVERSITY BMG 303/05 Strategic Management COURSE TEAM Course Team Coordinator: Dr. Chuah Poh Lean Content Writer: Dr. Hasliza Abdul Halim Instructional Designer: Mr. Khoo Chiew Keen Academic Member: Ms Lum Li Sean COURSE COORDINATOR Ms. Loo Saw Khuan EXTERNAL COURSE ASSESSOR Associate Professor Dr. Haji Hamzah Dato Abdul Rahman, Universiti Utara Malaysia. PRODUCTION Editor: Pelangi Sdn. Bhd. In-house Editor: Mr. Khoo Chiew Keen Graphic Designer: Deam Enterprise Wawasan Open University is Malaysia’s first private not-for-profit tertiary institution dedicated to adult learners. It is funded by the Wawasan Education Foundation, a tax-exempt entity established by the Malaysian People’s Movement Party (Gerakan) and supported by the Yeap Chor Ee Charitable and Endowment Trusts, other charities, corporations, members of the public and occasional grants from the Government of Malaysia. The course material development of the university is funded by Yeap Chor Ee Charitable and Endowment Trusts. © 2013 Wawasan Open University All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from WOU. Wawasan Open......

Words: 23866 - Pages: 96

Premium Essay

Database Normalisation

...data and a set of programs to access those data. The collection of data, usually referred to as the database, contains information relevant to an enterprise. The primary goal of a DBMS is to provide a way to store and retrieve database information that is both convenient and efficient. Database systems are designed to manage large bodies of information. Management of data involves both defining structures for storage of information and providing mechanisms for the manipulation of information. In addition, the database system must ensure the safety of the information stored, despite system crashes or attempts at unauthorized access. If data are to be shared among several users, the system must avoid possible anomalous results. Because information is so important in most organizations, computer scientists have developed a large body of concepts and techniques for managing data. These concepts and technique form the focus of this book. This chapter briefly introduces the principles of database systems. Literature Survey 1. Redundancies and inconsistencies can be reduced 2. Better service to the Users 3. Flexibility of the system is improved 4. Cost of developing and maintaining systems is lower 5. Standards can be enforced 6. Security can be improved 7. Integrity can be improved 8. Enterprise requirements can be identified 9. Data model must be developed 10. Data consistency Methodology 1. Redundancies and......

Words: 1323 - Pages: 6

Premium Essay

Business Law.Types of Companies

...in several different ways. Several types information systems can be classified as either operations or management information systems.  Operations Support System: information systems have always been needed to process data generated by and used in, business operations. Such operations support systems produce a variety of information products for internal and external use. However they do not emphasize producing the specific information products that can best be used by managers. The role of a business firm’s operations support system is to efficiently process business transactions, control industrial processes, support enterprise communications and collaborations and update corporate databases.  Transaction Processing Systems: Are an important example of operations support system that record and process data resulting from business transactions.  Process Control Systems: Monitors and controls physical processes. They enhance team and workgroup communications and productivity, and include applications that are sometimes called as office automation systems.  Management Support Systems: When information systems applications focus on providing information and support for effective decision making by managers, they are called management support systems. Providing information and support for decision making by all types of managers and business professionals is a complex task. Conceptually, several major types of management support system includes:  Management Information......

Words: 13881 - Pages: 56

Premium Essay

Richdash

...xiv Study unit 1 The second wave of the global e-business 15 1.1 Unit overview 15 1.2 Unit outcomes 15 1.3 Unit assessment 16 1.4 Projects 16 1.5 Discussion questions 16 1.6 Additional resources 16 1.7 Key concepts to be mastered in the unit: 17 Study unit 2 The e-business technology basics 19 2.1 Unit overview 19 2.2 Unit outcomes 19 2.3 Unit assessment 20 2.4 Projects 20 2.5 Additional resources 20 2.6 Discussion questions 20 2.7 Key concepts to be mastered in the unit: 21 Study unit 3 Web server and email technology 23 3.1 Unit overview 23 3.2 Unit outcomes 23 3.3 Unit assessment 24 3.3.1 Projects 24 3.4 Additional resources 24 3.5 Discussion questions 25 3.6 Key concepts to be mastered in the unit: 25 Study unit 4 E-business revenue models 27 4.1 Unit overview 27 4.2 Unit outcomes 27 4.3 Unit assessment 28 4.3.1 Additional projects 28 4.4 Additional resources 28 4.5 Discussion questions 29 4.6 Key concepts to be mastered in the unit: 29 Study unit 5 Selling to customers online 31 5.1 Unit overview 31 5.2 Unit outcomes 31 5.3 Unit assessment 32 5.3.1 Projects 32 5.4 Additional resources 32 5.5 Discussion......

Words: 8803 - Pages: 36

Premium Essay

American School Counselor Association (2014). Mindsets and Behaviors for Student Success: K-12 College- and Career-Readiness Standards for Every Student. Alexandria, Va: Author

...develop a Continuing Care Retirement Community – a kind of senior housing retirement living center – on one (1) contiguous parcel of land located in a northeastern suburb of Houston, Texas by BGG Development, LLC – a Texas Limited Liability Company engaged in the development, capitalization, marketing and operations of senior housing facilities in Texas. BGG Development, LLC’s management has assessed the initial opportunity and believes the total development budget for the initial phase of this project will be approximately $54.1 million, but the project is expected to have three (3) phased stages developed over a 3-year period (if all operations are met with material success). Should BGG Development, LLC be successful in executing its business model, the expected result will be a near-term net profit pool of approximately $6.2 million and BGG Development, LLC will be seeking to acquire approximately $1.2 million in pre-construction phase capital financing to address this business opportunity. To these ends, the company is providing this proposal for the purposes of entertaining discussions with qualified institutions, businesses and accredited investors regarding the potential investment preferences. This document is not an offer to sell securities of any kind, nor does it constitute a guarantee or warranty as to future performance of any kind. This Document is For Discussion Purposes Only. Northeast Houston Senior Housing Project Development Financing......

Words: 5397 - Pages: 22

Premium Essay

Case Study

...Institutions 1 DEVI AHILYA VISHWAVIDYALAYA, INDORE MASTER OF BUSINESS ADMINISTRATION (MBA) CURRICULUM FOR FULL-TIME COURSES FIRST YEAR First Semester SUBJECT CODE LIST OF SUBJECTS FT 101C FT 102C FT 103C FT 104C FT 105C FT 106C FT 107C FT 108C Management Principles and Practices Mathematics and Statistics for Managers Accounting for Managers IT and E-Business Fundamentals Business Environment Organization Behavior and Processes Business Communication Business Legislation 1-2 3-4 5-6 7-8 9-10 11-12 13-14 15-16 COURSES AND SYLLABUS FOR SECOND, THIRD AND FOURTH SEMESTER SHALL BE COMMUNICATED LATER. 2 FT-101C MANAGEMENT PRINCIPLES AND PRACTICES Course Objective The objective of this course is to help the students gain understanding of the functions and responsibilities of the manager, provide them tools and techniques to be used in the performance of the managerial job, and enable them to analyze and understand the environment of the organization. Examination The faculty member will award internal marks out of 20 (8 for Tests and 12 for class participation). The semester examination carrying 80 marks will have two sections A and B. Section A worth 60 marks will have 6 theory questions out of which students will be required to attempt any four questions. Section B carrying 20 marks will contain one or more cases. Cases prescribed below are only for classroom discussion and internal evaluation and not for end semester examinations Course......

Words: 8599 - Pages: 35

Premium Essay

Process Evaluation: Sclsp

............................................................................... 2 Project Description and Scope .......................................................................................................................................... 3 Purpose of the Consultancy ..................................................................................................................................... 4 Scope ............................................................................................................................................................................ 4 Key Activities and Main Deliverables .................................................................................................................... 4 Evaluation Design and Framework .................................................................................................................................. 5 Study Questions and Methods........................................................................................................................................... 6 Key Informant Interviews and Stakeholder Perception Survey .................................................................................. 7 Focus Group Discussions .................................................................................................................................................. 9 Findings .............................................................................................

Words: 8567 - Pages: 35