CANDIDATE NAME: NAZIFI IDRIS KHALID
STUDENT NUMBER: C1473542
MODULE CODE: CMT 104
MODULE TITLE: INFORMATION, NETWORK AND CYBER SECURITY
SEMINAR TUTOR: DR. PETE BURNAP
ESSAY TITLE / COURSEWORK: COURSEWORK
WORD COUNT: 1500
Review of Existing Literature:
The most important goal of any access control model is to provide a verifiable system that guarantees the protection of any information from being accessed by an unauthorised party, in line with some defined security policies (Ausanka-Crues 2006). Many access control models that manage access to resources in the organisation have evolved over time, with each one leveraging a particular element of security. The Bell-LaPadula model, for example, focuses on Confidentiality, while the Biba
The User does not have any privilege to change or modify his setting or access level to any party. On the other end, the Discretionary Access Control Model gives the User all the rights and privileges over any object on his profile, including all the programs associated with it. This means that the User can modify security settings and privileges for others. This of course is very flexible at the expense of security rigidity, which in turn may lead to misuse or abuse of privilege, a major setback for this model. Rule Based Access Control is administered based on some predefined rules set by the Systems Administrator for each User. This means that there are as many rules set as there are Users in the Organisation. This eventually becomes cumbersome as the number of Users gets larger (Anon n.d.). Role Based Access Control is based on the user's role or job functions. Permissions are granted to the role and not the individual. For example, if the user performs the role of a Deputy Manager, he is mapped to the role of a Deputy Manager, and thus he shares a common role with any other User of the same position in the same Organisation. This access control model offers more flexibility and ease of management to the Administrator from a central location, as there are fewer roles to manage as compared to the number of Users. Context Aware Access Control takes into consideration the context information of
Using the proxy software Burp Suite, it was discovered that the shopping site contained a hidden form field that could be manipulated.
Discretionary access control means only certain permitted users are allowed access to specific things. However, someone with permitted access can let another user use their access. The least privilege principle is where access is only granted to certain systems and certain data that is needed to do the user's job. Sometimes temporary access is given to data that is required to access random jobs or to see what that user is doing. When this happens, the access is only temporary; it is imperative to uphold the principle of least privilege to ensure that the user does not have access to the data when the job is finished.
C1 - Discretionary Security Protection: In this subdivision, security is provided by Access Control Lists (ACLs), which protect User/Group/World. It covers the following: users who are all on the same security level; username and password protection and a secure authorisations database (ADB); protected operating system and system operations mode; periodic integrity checking of the TCB; tested security mechanisms with no obvious bypasses; documentation for user security; documentation for systems administration security; documentation for security testing; and TCB design documentation. It is typically for users on the same security level.
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
M2 – Explain the operation and use of encryption technique in ensuring security of transmitted information
The framework of security policy is defined to construct a structure with the help of which policy gaps can be identified easily. A system-specific policy would help to ensure that all employees and management comply with the policies. It is also used to maintain the confidentiality (user authentication would assist in the confidentiality aspect of security), integrity (there are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data's accuracy and maintain its integrity), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
Information security is the protection of information against accidental or malicious disclosure, modification or destruction. Information is an important, valuable asset of IDI which must be managed with care. All information has a value to IDI. However, not all of this information has an equal value or requires the same level of protection. Access controls are put in place to protect information by controlling who has the rights to use different information resources and by guarding against unauthorised use. Formal procedures must control how access to information is granted and how such access is changed. This policy also mandates a standard for the creation of strong passwords, their protection and frequency of change.
Role based access control is an ideology through which access to systems is restricted based on authority given. It is used by organizations with a relatively large number of employees ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). This is implemented through the mandatory access control or through the discretionary access control. These are the only two ways through which role based access control can be implemented.
As the use of computers, databases, and technology in general has grown, security has grown to be a powerful tool that has to be used. The threat of outside sources intruding and exploiting crucial information is present on a daily basis. As a part of creating and implementing a security policy, a user must consider access control. Access Control is a security tool that is used to control who can use or gain access to the protected technology. Access control security includes two levels: logical and physical. Though database intrusions can happen at any moment, access control provides another security barrier that is needed.
Cyber Security, also called computer security and IT security, is the assurance of data from theft or any harm to the gadget, the product and information stored on hardware. It incorporates controlling physical access to the equipment and additionally protecting against code or data injection or harm via network access.
The intent of this security proposal is to ensure the ongoing protection and data security for a government agency's data center. Security and access privileges will be defined at the role and department levels, with added authentication for system administrators and members of the IT staff. Role-based access to this government facility will be tracked continually and reported using real-time log reporting and analysis (Amsel, 1988). This role-based approach to managing security will provide for inclusion of authentication, detection and deterrence in the areas of social engineering, firewalls, Virtual Private Networks (VPNs), authentication, security protocols and vulnerability assessments.
With this being a small section of the overall interview a lot was played to the bear of reality of how much still needs to be learned. With the point about our nation, intellectual property, cyber warfare, and attacks on financial institutions. This was a video recording from 2013 about situations happening during that time. Not being able to see into the future of what would happen what still needs to be learned and what has worked.
Confidentiality: Access controls help ensure that only authorized subjects can access objects. When unauthorized entities are able to access systems or data, it results in a loss of confidentiality.
Access matrix model: Provides object access rights (read/write/execute, or R/W/X) to subjects in a discretionary access control (DAC) system. An access