Reference no: EM133428488
Question: Limit your response to this question to no more than 1500 words. When your answers involve the use of cryptographic primitives and protocols, reference examples specifically.
An organization has computer systems comprised of data servers, computing clusters, and employee workstations (such as laptops). All of these computer systems are operated at three physical sites, each of which has an internal network (intranet) over which the different computer systems can communicate. The sites connect with each other over the public internet. The following categories of user must access and use the computer system at different levels: software developers, non-engineer employees, clients, and system administrators. System administrators and software developers have physical access to all systems. Non-engineer employees occasionally work at client sites. Clients always access the organization's system over the public internet.
Describe an authentication and access control scheme that allows each of the user groups at the organization to effectively use the computer systems while maximizing confidentiality, integrity, and availability of the system.
Describe potential vulnerabilities that this access control scheme has. What are you defending against; what could compromise the confidentiality, integrity, and availability of the system?
State any assumptions about the organization's operations that affect your answers. This question is deliberately open-ended, but you should assume that every component of the computer system is used, and that every type of user accesses some component of the computer system.
How does your response change if the organization is ordered by the government to permit all of its employees to work remotely except when absolutely necessary? Justify any employees who you assert must work on site.