Reference no: EM131500160
ASSIGNMENT
Imagine you are an Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization's current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.
Write a three to five page paper in which you:
1. Explain in your own words the elements of the following methods of access control:
a. Mandatory access control (MAC)
b. Discretionary access control (DAC)
c. Role-based access control (RBAC)
2. Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
5. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
6. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
• Analyze information security systems compliance requirements within the User Domain.
• Use technology and information resources to research issues in security strategy and policy formation.
• Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Explain risk that might result from implementing byod policy
: Identify three risks that might result from implementing a BYOD policy. Suggest a method for mitigating each risk you have identified.
|
Find the burden of the estate tax
: According to a New York Times columnist, "The estate tax affects a surprisingly small number of people. In 2003, just 1.25 percent of all deaths.
|
Create a literature review
: Create a literature review, incorporating each of your references (minimum of five), tying them to each other and to the thesis of your project in a single narrative
|
E-commerce highlighting best-in-class
: You will develop a research paper on e-commerce highlighting best-in-class examples of B2C, B2B, C2C, and m-commerce.
|
Suggest methods to mitigate the negative aspects for mac
: Write a three to five page paper in which you: Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
|
How much income will sharlene fail to report
: Suppose that Sharlene faces a marginal income tax rate of 35 percent, and if she cheats on her taxes, there is a 2 percent chance that she will be caught.
|
Define concept of the time inconsistency of optimal policy
: The government provides patents to pharmaceutical companies that allow them to charge high prices for the drugs they develop for some years.
|
Acquisition and utilization of financial assets
: Whose job is it to plan and organize the acquisition and utilization of financial assets?
|
Determine the type of computer forensic skills
: Determine the type of computer forensic skills and procedures or tools that could have been used to extract and preserve the data.
|