Unit 3 Discussion 1: Access Control Models

Submitted By ahilliker
Scenarios:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have internet access. Discretionary Access Controls should be used in this scenario because the company is small and not in need of a high-security environment. This solution is the simplest to maintain and monitor for a small business.
2. Top Ads is a small advertising company consisting of 12 computers that have internet access. All employees communicate using smart phones. Mandatory Access Controls should be used in this scenario because the employees primarily communicate using smart phones, which opens up a security risk. Mandatory Access Controls are a step stronger than Discretionary Access Controls but are still relatively simple to monitor for a small business.
3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have internet access and 45,000 servers. All employees communicate using smart phones and e-mail. Many employees work from home and travel extensively. Role Based Access Control should be used in this scenario because this is a large company with employees who travel and work from home. The roles should be controlled by a Security Administrator who could provide different levels of security to individual users. There would be some startup overhead, but once in place this should be easy to manage.
4. Backordered Parts is a defense contractor that builds communication parts for the military. All employees communicate using smart phones and e-mail. Content-Dependent Access Controls should be used in this scenario since the company is manufacturing individual parts. Managing permissions based on the contents of each file is more time-consuming and thus costly, but it is also a lot more secure. This also allows the company to put less effort into monitoring data since each file is given its own...
