Assignment
3: Evaluating Access Control Methods
Due Week 6 and worth 100 points
Imagine you are an Information Systems Security
Specialist for a medium-sized federal government contractor. The Chief Security
Officer (CSO) is worried that the organization’s current methods of access
control are no longer sufficient. In order to evaluate the different methods of
access control, the CSO requested that you research: mandatory access control
(MAC), discretionary access control (DAC), and role-based access control
(RBAC). Then, prepare a report addressing positive and negative aspects of each
access control method. This information will be presented to the Board of
Directors at their next meeting. Further, the CSO would like your help in
determining the best access control method for the organization.
Write a three to five (3-5) page paper in which
you:
1. Explain in your own words the elements of the following methods of
access control:
a. Mandatory access control (MAC)
b. Discretionary access control (DAC)
c. Role-based access control (RBAC)
2. Compare and contrast the positive and negative aspects of employing a
MAC, DAC, and RBAC.
3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and
recommend the best method for the organization. Provide a rationale for your
response.
5. Speculate on the foreseen challenge(s) when the organization applies the
method you chose. Suggest a strategy to address such challenge(s).
6. Use at least three (3) quality resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
·
Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for any
additional instructions.
·
Include a cover page containing the title of the
assignment, the student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated
with this assignment are:
·
Analyze information security systems compliance
requirements within the User Domain.
·
Use technology and information resources to
research issues in security strategy and policy formation.
·
Write clearly and concisely about topics related to
information technology audit and control using proper writing mechanics and
technical style conventions.
Clickhereto view the grading rubric.
