1. Data storage and access:
a. Access Control Solution:
i. Access control refers to the mechanisms that identify who can and cannot access a network, resource, application, or specific action.
ii. User access must be considered, and strategies must then be designed to ensure that only the correct users are able to access the material.
iii. Authentication, authorization, and access controls are closely related.
b. Discretionary Access Control:
i. DAC is based on the permissions granted to an authenticated identity (a username and password, or a smart card) on a system object by way of an access control list.
ii. Access to information is controlled by the owner of the information.
c. Mandatory Access Control:
i. MAC assigns a security level to all information and clearances to each user.
CSA:
i. The Cloud Security Alliance provides guidance for critical areas of focus in cloud computing.
ii. They provide guidance on cloud architecture, governing the cloud, and even operating the cloud.
iii. As more and more technology moves to cloud-based technology, it is almost certain that the CSA will have new and emerging regulations that may impact the web application security landscape.
8. Summary:
With the amount of business that UNFO is projecting for the website in the first year, it is important to have a well thought out and documented plan for the implementation of the website. It is important to have documentation not only on the development and implementation but on everything involved in the development and lifecycle of the e-commerce platform. The project isn't over once the website is up and open for business; there is always continued development to improve the site and make it more secure.
Under mandatory access control a single user, normally the network administrator, is given control over users' rights and privileges. That administrator sets the access policies and chooses which objects and which systems each individual user does and does not have access to. Access is organized in levels: each system and every folder containing information is placed into a specific classification, and the user is placed in a classification that will only allow them to access data
C2 - Controlled Access Protection: this subdivision protects in a similar way to C1, with the following additional protections required by C2: object protection on a single-user basis; authorization for access assigned only by authorized users; object reuse protection; mandatory identification and authorization procedures for users; full auditing of security events; a protected system mode of operation; and added protection for authorization and audit.
Access can be denied by limiting and clearly marking the approaches to buildings and properties, thereby channeling visitors into a defined area. Natural Access Control is the use of building and
Natural access controls are ways of limiting access to one or two areas; this is done by
The CRUD Security Matrix: A Technique for Documenting Access Rights by Lunsford & Collins (2008) describes three types of access control in more detail. Under mandatory access control (MAC), users must obtain formal clearance for all parts of an object before acquiring access to it. The administrator is responsible for removing a user's access based on the sensitivity of the information in the object and the level of the user's permission, and a user is not entitled to let other users access the object. Under discretionary access control (DAC), by contrast, users grant or deny other users access to objects under their control. DAC is said to be the weakest form of access control, but it is useful in many places. Role-based access control (RBAC), the
Role-based access control (RBAC) implementation saves time and effort in the management of large numbers of user permissions. It also creates efficient enforcement: users are assigned to specific roles, and the roles are assigned permissions based on the user's job requirements. Users can be assigned multiple roles, and each role has a defined set of permissions needed to access different objects. RBAC simplifies the auditing of user permissions for regulatory compliance.
Role-based access control is an approach through which access to systems is restricted based on the authority granted to a user. It is used by organizations with a relatively large number of employees, ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). It is implemented through either mandatory access control or discretionary access control; these are the only two ways through which role-based access control can be implemented.
The safety and security of the WWTC’s physical space and assets is a shared responsibility of all members of the WWTC community. To meet this obligation, WWTC has established Access Control policy provisions to address the design, administration and management of Access Control systems and measures to ensure their integrity. Access Control privileges are determined and assigned by WWTC administrators based on the specific needs and requirements of WWTC and the key/card holder.
Attribute Based Access Control (ABAC) models make use of attributes held by the users (the customers), the providers, and other attributes associated with the network. Decisions to grant or deny access are based solely on these attributes (Yuan & Tong 2005).
Computer security is important in every organization. It covers several areas such as locking the computer room and the computer itself, protecting login accounts with passwords, encrypting network communication lines and the use of file protection, among others. Whitman (2011) points out that computer system security ensures that your computer does what it is supposed to, even if the users do what they should not do. Discretionary Access Control (DAC) is a type of access control that provides protection to the files in a computer system. This type of control restricts access to files based on the identity of users or the groups to which they belong. It is discretionary in that it lets you tell the computer system who can have access to your files, and therefore you can specify the type of access allowed. For example, you can allow anyone to read a particular file in the system, but allow only yourself to change it.
An access control model is a framework that dictates how subjects access objects. There are three main types of access control model: mandatory access control, discretionary access control and role-based access control.
Access control and security - This process should restrict access to the retail company's information. It should also include user names and passwords for customers, and for company employees for the administrative areas of the website. This process is critical because it will help keep trust between the consumer and the store, and it gives customers the confidence to enter their personal and financial information when ordering from the site, while the security processes protect against hackers obtaining information, theft of passwords and system failures.
Access control has been in use since before the growth of the technology world. It can involve an action as simple as locking a door: a person locks a door to prevent entry by those who are not allowed or authorized to enter. The same can be said about the security of databases and the control of who can have access and what can be accessed. As far as database security is concerned, there are various categories involved in access control. The four main categories of access control are: discretionary, mandatory, role-based, and rule-based access control.
Access control is the method of identifying a person on the basis of his or her job role, authenticating them against that identification, and, after authentication, giving them the authority to access the system. In an organisation, under the information security policy, employees are granted access according to their job roles and responsibilities; each employee is given a username and password with different rights of system accessibility (read, write or edit) to do their job.
In Discretionary Access Control any user can set an access control mechanism to permit or deny access to an object. DAC relies on the object owner to control access. It is implemented in most operating systems and is a very familiar access control method. Flexibility is a strength of DAC and a key reason why it is so widely known and implemented in mainstream operating systems.
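As an added example (not taken from any of the essays above), the following Python models the three access control models these passages describe: a MAC clearance-versus-classification check, a DAC file whose owner manages its access control list (covering the "anyone can read, only the owner can change" case from the computer security paragraph), and RBAC with users holding several roles. The level names, roles, users and permissions are assumed sample values.

```python
# Added example (not from any essay on this page): compact model of MAC, DAC and RBAC.
# Level names, roles, users and objects are assumed sample values, not from a real system.
from dataclasses import dataclass, field

# MAC: every object carries a classification and every user a clearance (assumed ladder).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

def mac_allows(clearance, classification):
    """MAC read check: a user may read an object only at or below their clearance
    ('no read up'); users cannot change either label, only the administrator can."""
    return LEVELS[clearance] >= LEVELS[classification]

@dataclass
class DacFile:
    """DAC: the owner of the file controls its access control list (ACL)."""
    owner: str
    acl: dict = field(default_factory=dict)   # user, or "*" for anyone -> set of permissions

    def grant(self, actor, user, perms):
        """Only the owner may edit the ACL; returns False if anyone else tries."""
        if actor != self.owner:
            return False
        self.acl.setdefault(user, set()).update(perms)
        return True

    def allows(self, user, perm):
        """The owner holds every permission; others get what the ACL says."""
        if user == self.owner:
            return True
        return perm in self.acl.get(user, set()) or perm in self.acl.get("*", set())

# RBAC: permissions are attached to roles, and users are assigned one or more roles.
ROLE_PERMS = {
    "clerk": {"order:read"},
    "manager": {"order:read", "order:approve"},
}

def rbac_allows(user_roles, perm):
    """A user is granted the union of the permissions of all roles assigned to them."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in user_roles)

if __name__ == "__main__":
    report = DacFile(owner="alice")
    report.grant("alice", "*", {"read"})                                # anyone may read
    print(report.allows("bob", "read"), report.allows("bob", "write"))  # True False
    print(mac_allows("confidential", "secret"))                         # False: no read up
    print(rbac_allows({"clerk", "manager"}, "order:approve"))           # True
```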