Premium Essay

Unit 3 Discussion 1: Access Control Models

In: Computers and Technology

Submitted By ahilliker
Words 407
Pages 2
Scenarios:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Discretionary Access Controls should be used in this scenario because the company is small and not in need of high security environment. This solution is the simplest to maintain and monitor for a small business.
2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smart phones. Mandatory Access Controls should be used in this scenario because the employees primarily communicate using smart phones, which opens up a security risk. Mandatory Access Controls are a step up stronger than Discretionary Access Controls, but are still relatively simple to monitor for a small business.
3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smart phones and e-mail. Many employees work from home and travel extensively. Role Based Access Control should be used in this scenario because this is a large company with employees who travel and work from home. The roles should be controlled by a Security Administrator who could provide different levels of security to individual users. There would be some overhead in startup to get up and running but once in place this should be easy to manage.
4. Backordered Parts is a defense contractor that builds communication parts for the military. All employees communicate using smart phones and e-mail. Content-Dependent Access Controls should be used in this scenario since the company is manufacturing individual parts. Managing permissions based on the contents of each file is more time consuming and thus costly, but is also a lot more secure. This also allows the company to put less effort into monitoring data since each file is given its own

Similar Documents

Premium Essay

Unit 3 Discussion 1: Access Control Models

...Unit 3 Discussion 1: Access Control Models Scenario 1: (DAC) Discretionary Access Control. Being that the business is small and not in need of higher security measures, it would be the easiest to maintain and monitor for a small business. Scenario 2: (MAC) Mandatory Access Control. The employees primarily communicate using smartphones; which proves as a possible security risk. MAC is stronger than DAC but, still easily monitored for a small business; which makes this the top choice for Top Ads. Scenario 3: (RBAC) Role Based Access Control. With the company being as large as it is and the employees traveling and/or working from home, the roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing but, once the security measures are in place it would be easy to monitor and to manage. Scenario 4: Content-Dependent Access Control. Since everything that the company does depends on the individual material being manufactured the above Access Control type should be apparent. Giving permissions by what is contained in each individual file is more costly but, a lot more secure. It also allows the company to monitor the data sent less as each document is given its own set of roles. Scenario 5: (RBAC) Role Based Access Control. With RBAC in place the security measures would be assigned to each user and monitored by the security administrator(s). Using this Access...

Words: 295 - Pages: 2

Premium Essay

Week 5 Nt 2580

...Week 3 Course Lesson Plan IT2580 Introduction to Information Systems Security—Unit 3 Mr. Phillip Parrinelli pparrinelli@itt-tech.edu 619-327-1800 Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective Explain the role of access controls in implementing security policy. Key Concepts The authorization policies applying access control to systems, application, and data The role of identification in granting access to information systems The role of authentication in granting access to information systems The authentication factor types and the need for two- or three-factor authentication The pros and cons of the formal models used for access controls Reading Kim and Solomon, Chapter 5: Access Controls. GROUP ACTIVITY Discuss and complete the following worksheet: ------------------------------------------------- IT2580: Unit 3 Types of Authentication Instructions: In the following table, identify the type of authentication for the given authentication methods. Authentication Method | Authentication Type (Knowledge, Ownership, or Characteristic) | Password | | Smart card | | Fingerprint | | Personal identification number (PIN) | | Token | | Badge | | Signature | | ------------------------------------------------- DISCUSSION ------------------------------------------------- IT2580: Unit 3 Access Controls Discussion: Access controls can be...

Words: 716 - Pages: 3

Premium Essay

Asd Rtg

...Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective  Explain the role of access controls in implementing security policy. Key Concepts  The authorization policies applying access control to systems, application, and data  The role of identification in granting access to information systems  The role of authentication in granting access to information systems  The authentication factor types and the need for two- or three-factor authentication  The pros and cons of the formal models used for access controls Reading  Kim and Solomon, Chapter 5: Access Controls. Keywords Use the following keywords to search for additional materials to support your work:  Biometrics  Content Dependent Access Control  Decentralized Access Control  Discretionary Access Control  Kerberos  Mandatory Access Control  Remote Authentication Dial In User Service (Radius)  Role-Based Access Control  Security Controls  Secure European System for Applications in a Multi-Vendor Environment (SESAME)  Single Sign-on  Terminal Access Controller Access-Control System (TACACS) ------------------------------------------------- Week 3 Discussion * Access Control Models * Unit 3 Access Control Models (lT255.U3.TS2) Lab * Enable Windows Active Directory and User Access Controls Assignment * Remote Access Control...

Words: 542 - Pages: 3

Premium Essay

Cryptography Methods

...Unit 3 Discussion 1: Access Control Models 1. Select an access control model that best prevents unauthorized access for each of the five scenarios given in the worksheet 2. Which types of logical access controls should be used in each scenario? Justify your recommendations. Scenario 1. - Discretionary access controls I s a small company consisting of 12 computers only DAC allows each user to control access to their own data and is typically the default access control mechanism for most desktop operating systems. Scenario 2.-Role-based access control Because RBAC is based on a user's job function within the organization to which the computer system belongs. Scenario 3.-Mandatory access controls Because how big is the company MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (such as data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. Scenario 4.- Mandatory access control The design of MAC was defined, and is primarily used by the government. Scenario 5.- Mandatory access control Because all access to resource objects is strictly controlled by the operating...

Words: 452 - Pages: 2

Free Essay

Rural Sourcing Workshop

...Director Selim Reza Hasan – Director of Prog Design Unit (first hour) Mishael Aziz Ahmad – Technical Coordinator Bishwajit Kumar Paul – Prog Manager Masud Alam Khan – FSUP team leader Facilitator: Kate Ives Agenda Time | Session | Facilitation | 09.30-09.40 | 1. Introduction and objectives | Kate | 09.40-10.00 | 2. Summary of findings | ppt slides (Kate) | 10.00-11.30 | 3. Discussion points and next steps | Group | Meeting notes Session 1 | Introduction | Kate | Objectives of the session are to reflect on lessons learned from rural sourcing programming after these first 4 years. Second, we want to discuss ways to deepen quality and sustainability in the future. | Session 2 | Summary of findings | Slide 4: Drivers * A point of clarification was added: access to resources also means control of resources. * The group discussed the meaning of “access to markets”, and defined restricting factors as: physical mobility (infrastructure and geographic restrictions such as those facing the chor areas), social mobility (gender-based constraints on leaving the home), fear of violence, women’s workload, and health. * There was a suggestion to refer more directly to the rural impact statement for appropriate language, and to refer to the agency/structure/relationships model. Slide 5 * It was suggested that ongoing monitoring be added to the process outlined above. * There was discussion around the importance of conducting an early needs...

Words: 1333 - Pages: 6

Premium Essay

Computer Networking

...The BS Information technology program includes the study of the utilization of both hardware and software technologies involving planning, installing, customizing, operating, managing and administering, and maintaining information technology infrastructure that provides computing solutions to address the needs of an organization. The program prepares graduates to address various users’ needs involving the selection, development, application, integration and management of computing technologies within an organization Course Title: Free Elective II (Information Assurance and Security) Course Description: This course provides a broad view of information assurance and security and its major subjects: protection of information assets; access to information system; hacking legislation and industrial standards. In addition this course will serve as a guideline for students to make their course selections. Course/Year and Section: BSIT...

Words: 1777 - Pages: 8

Premium Essay

Informative

...Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT COPY 103 Graded Assignment Requirements 104 Unit 1 Discussion 1: Importance of Security Policies 105 Unit 1 Assignment 1: Security Policies Overcoming Business...

Words: 18421 - Pages: 74

Premium Essay

It Project Management

...Development) • (Web Systems Development) BSc/BSc (Hons) Information Technology Management for Business BSc (Hons) Computer Games (Design) BSc/BSc (Hons) Cyber Security and Networks BSc/BSc (Hons) Networked Systems Engineering IT PROJECT MANAGEMENT 1 module code M3G405252 MODULE HANDBOOK – TRIMESTER A SESSION 2015/2016 Module Code: M3G405252 Module Title: IT PROJECT MANAGEMENT 1 Standard Module Abbreviation: ITPM1 Module Level: 3 Credit Points: 20 Module Leader: Edwin Gray, Office: M609, email:e.gray@gcu.ac.uk September 2015 Issue 1 01/09/2015 Edwin M Gray, BA, MSc, MBCS, CITP, CPSSADM Contents Page 1 Introduction 3 2 Module Overview 3 3 Module Descriptor 4 4 Module Assessment 7 5 Feedback 10 6 Indicative Reading 10 7 The Library, Saltire Centre 11 8 Learning Material Supplied By Module Leader 12 9 Module Delivery Structure 12 10 Learning and Teaching Plan 14 M3G405252 IT PROJECT MANAGEMENT 1 INTRODUCTION This handbook gives details of the module content, teaching schedule, recommended reading, assessment and feedback strategies used for students undertaking the module IT Project Management 1 (M3G405252 (old code: COMU350) Module Leader contact details: Eddie Gray, M609, (e.gray@gcu.ac.uk) Programmes Taking This Module This module’s host programmes are: • P01627 BSc/BSc (Hons) Computing (Information Systems Development) • P00249 BSc...

Words: 3307 - Pages: 14

Premium Essay

Process Evaluation: Sclsp

...M&E Sub-Committee);and Ministry of Education, Youth & Sports John D. Flowers Table of Contents Executive Summary ......................................................................................................................... Error! Bookmark not defined. 1.0 1.2 1.2.1 1.2.2 1.1.3 2.0 2.1 2.2 2.1 2.2 3.0 3.1 3.2 3.2.1 3.2.2 3.2.3 3.2.4 3.2.5 3.3 3.5 3.5.1 3.5.2 3.5.3 3.5.4 3.6 Background ................................................................................................................................................................................ 2 Project Description and Scope .......................................................................................................................................... 3 Purpose of the Consultancy ..................................................................................................................................... 4 Scope ............................................................................................................................................................................ 4 Key Activities and Main Deliverables .................................................................................................................... 4 Evaluation Design and Framework .................................................................................................................................. 5 Study Questions and Methods............................................................

Words: 8567 - Pages: 35

Free Essay

Virtual Classroom

...TABLE OF CONTENTS Sr. Content Page no No 1. INTRODUCTION 6 1.1 Abstract 1.2 Problem Definition 1.3 Scope of Project 2. REVIEW OF LITERATURE 8 3. SOFTWARE REQUIREMENT SPECIFICATION 18 4. EXISTING SYSTEM 22 5. PROPOSED SYSTEM 26 6. TIMELINE CHART OF PROJECT` 32 7. FUTURE SCOPE 33 8. CONCLUSION 34 9. REFERENCES 35 1. INTRODUCTION 1.1 Abstract Virtual Classroom represents an innovative shift in the field of learning, providing rapid access to specific knowledge and information. It represents an interface between the students and a professor and provides personalized learning materials to the users. It offers a possibility to the attendees to share different resources at once and work with them as if they were at the same place where (real) resources are. In the system design, we use agents as entities that work on different tasks in the system. A set of agents of the same type is responsible for handling different users and their requests. The cooperation among agents is established through the act of exchanging messages. A wide variety of classroom techniques are being advocated to increase learning: active learning, collaboration, integration of assessment...

Words: 7999 - Pages: 32

Premium Essay

Database Normalisation

...data and a set of programs to access those data. The collection of data, usually referred to as the database, contains information relevant to an enterprise. The primary goal of a DBMS is to provide a way to store and retrieve database information that is both convenient and efficient. Database systems are designed to manage large bodies of information. Management of data involves both defining structures for storage of information and providing mechanisms for the manipulation of information. In addition, the database system must ensure the safety of the information stored, despite system crashes or attempts at unauthorized access. If data are to be shared among several users, the system must avoid possible anomalous results. Because information is so important in most organizations, computer scientists have developed a large body of concepts and techniques for managing data. These concepts and technique form the focus of this book. This chapter briefly introduces the principles of database systems. Literature Survey 1. Redundancies and inconsistencies can be reduced 2. Better service to the Users 3. Flexibility of the system is improved 4. Cost of developing and maintaining systems is lower 5. Standards can be enforced 6. Security can be improved 7. Integrity can be improved 8. Enterprise requirements can be identified 9. Data model must be developed 10. Data consistency Methodology 1. Redundancies and inconsistencies...

Words: 1323 - Pages: 6

Premium Essay

Richdash

...|ELECTRONIC BUSINESS | | | |STUDY GUIDE FOR | |INYM 225 MEC | |*INYM225MEC* | |FACULTY OF COMMERCE AND ADMINISTRATION | |MAFIKENG CAMPUS | Study guide compiled by: Ms S.T. Nthutang Instructional Design by Mrs Annelize Cronje,Senior Academic Development Advisor, ADC Page layout by Roxanne Bremner, Academic Development Centre Printing arrangements and distribution by Department Logistics (Distribution Centre). Printed by Nashua Digidoc Centre (018) 299 2827 Copyright ( 2014 edition. Date of revision 2016. North-West University, Mafikeng Campus. No part of this book may be reproduced in any form or by any means without written permission from the publisher TABLE OF CONTENTS Module information vii Study guide title: Electronic Business vii Module qualification:...

Words: 8803 - Pages: 36

Premium Essay

American School Counselor Association (2014). Mindsets and Behaviors for Student Success: K-12 College- and Career-Readiness Standards for Every Student. Alexandria, Va: Author

...develop a Continuing Care Retirement Community – a kind of senior housing retirement living center – on one (1) contiguous parcel of land located in a northeastern suburb of Houston, Texas by BGG Development, LLC – a Texas Limited Liability Company engaged in the development, capitalization, marketing and operations of senior housing facilities in Texas. BGG Development, LLC’s management has assessed the initial opportunity and believes the total development budget for the initial phase of this project will be approximately $54.1 million, but the project is expected to have three (3) phased stages developed over a 3-year period (if all operations are met with material success). Should BGG Development, LLC be successful in executing its business model, the expected result will be a near-term net profit pool of approximately $6.2 million and BGG Development, LLC will be seeking to acquire approximately $1.2 million in pre-construction phase capital financing to address this business opportunity. To these ends, the company is providing this proposal for the purposes of entertaining discussions with qualified institutions, businesses and accredited investors regarding the potential investment preferences. This document is not an offer to sell securities of any kind, nor does it constitute a guarantee or warranty as to future performance of any kind. This Document is For Discussion Purposes Only. Northeast Houston Senior Housing Project Development Financing Proposal Pre-Development...

Words: 5397 - Pages: 22

Premium Essay

Strategic Management

...UNIT 1 i Overview of strategic management Unit 1 BMG 303/05 Strategic Management Overview of Strategic Management ii WAWASAN OPEN UNIVERSITY BMG 303/05 Strategic Management COURSE TEAM Course Team Coordinator: Dr. Chuah Poh Lean Content Writer: Dr. Hasliza Abdul Halim Instructional Designer: Mr. Khoo Chiew Keen Academic Member: Ms Lum Li Sean COURSE COORDINATOR Ms. Loo Saw Khuan EXTERNAL COURSE ASSESSOR Associate Professor Dr. Haji Hamzah Dato Abdul Rahman, Universiti Utara Malaysia. PRODUCTION Editor: Pelangi Sdn. Bhd. In-house Editor: Mr. Khoo Chiew Keen Graphic Designer: Deam Enterprise Wawasan Open University is Malaysia’s first private not-for-profit tertiary institution dedicated to adult learners. It is funded by the Wawasan Education Foundation, a tax-exempt entity established by the Malaysian People’s Movement Party (Gerakan) and supported by the Yeap Chor Ee Charitable and Endowment Trusts, other charities, corporations, members of the public and occasional grants from the Government of Malaysia. The course material development of the university is funded by Yeap Chor Ee Charitable and Endowment Trusts. © 2013 Wawasan Open University All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from WOU. Wawasan Open University (KPT/JPT/DFT/US/P01) ...

Words: 23866 - Pages: 96

Premium Essay

Case Study

...Institutions 1 DEVI AHILYA VISHWAVIDYALAYA, INDORE MASTER OF BUSINESS ADMINISTRATION (MBA) CURRICULUM FOR FULL-TIME COURSES FIRST YEAR First Semester SUBJECT CODE LIST OF SUBJECTS FT 101C FT 102C FT 103C FT 104C FT 105C FT 106C FT 107C FT 108C Management Principles and Practices Mathematics and Statistics for Managers Accounting for Managers IT and E-Business Fundamentals Business Environment Organization Behavior and Processes Business Communication Business Legislation 1-2 3-4 5-6 7-8 9-10 11-12 13-14 15-16 COURSES AND SYLLABUS FOR SECOND, THIRD AND FOURTH SEMESTER SHALL BE COMMUNICATED LATER. 2 FT-101C MANAGEMENT PRINCIPLES AND PRACTICES Course Objective The objective of this course is to help the students gain understanding of the functions and responsibilities of the manager, provide them tools and techniques to be used in the performance of the managerial job, and enable them to analyze and understand the environment of the organization. Examination The faculty member will award internal marks out of 20 (8 for Tests and 12 for class participation). The semester examination carrying 80 marks will have two sections A and B. Section A worth 60 marks will have 6 theory questions out of which students will be required to attempt any four questions. Section B carrying 20 marks will contain one or more cases. Cases prescribed below are only for classroom discussion and internal evaluation and not for end semester examinations Course contents 1. Concept...

Words: 8599 - Pages: 35