Essay about Distributed Software Engineering

Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.

When deciding how to grant access to users, the main concept is limiting access. Users should be granted only based on level of permissions they need in order to perform their job duties. By placing users into groups according to their job titles in an organization, this will provide these users access to company information and resources in the network. These group assignments will allow an organization to give users only what they need to complete their job tasks and ensure that unauthorized access is limited.

Access refers to the inflow or exchange of information between a subject(person) and a resource which could be a system, it could also be seen as the unrestricted activity an individual is allowed to perform within any given scenario or environment.

Access control refers to the mechanisms that identify who can and cannot access a network, resource, application, specific action.

A group in an organization is used by the employees or users to read wow and share the information. The permissions like read, write, execute and share are provided based on the job roles.

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of

2. The process of granting users access to file server shares by reading their permissions is called

mandatory and discretionary access control policies. ACM Transactions on Information and System Security, Vol. 3, No. 2.

Access control rules and procedures are required to regulate who can access IDI information resources or systems and the associated access privileges. This

The organization has a security objective of protecting the database from being altered. Since the data is held in the system, there are regulations that have been set to the users, and there are also limits to the functions that each user performs. In this case, there are three categories of users each with clearly defined responsibilities. For instance, the administration team has been given full control of the application in that they can even alter codes and perform any variations to the database objects. The other groups of users are the executives; these have the ability to access all the information

Role based access control is an ideology through which access to systems is restricted based on authority given. It is used by organizations with a relatively large number of employees ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). This is implemented through the mandatory access control or through the discretionary access control. These are the only two ways through which role based access control can be implemented.

Software engineering (SE) is the profession concerned with specifying, designing, developing and maintaining software applications by applying technologies and practices from computer science, project management, and other fields.

Access control has been in use before the growth of the technology world. It could involve a simple action as locking a door. A person locks a door to prevent entry to those who are not allowed or authorize to do so. The same can be said about the security involving databases and the controlling of who can have access and what can be accessed. As far as database security is concerned, there are various categories that are involved in access control. The four main categories of access control include: Discretionary, Mandatory, Role-based, and Rule-based access control.

Access control: The ability to permit or deny the use of an object (a passive entity such as a system or file) by a subject (an active entity such as a person or process).