Imagine you are an Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization’s current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.
Write a three to five (3-5) page paper in which you:
- Explain in your own words the elements of the following methods of access control:
- Mandatory access control (MAC)
- Discretionary access control (DAC)
- Role-based access control (RBAC)
- Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
- Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
- Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
- Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Analyze information security systems compliance requirements within the User Domain.
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Click here to view the grading rubric.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
Points: 100 | Assignment 3: Evaluating Access Control Methods | ||||
Criteria |
Unacceptable Below 60% F |
Meets Minimum Expectations
60-69% D |
Fair 70-79% C |
Proficient 80-89% B |
Exemplary 90-100% A |
1. Explain in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC).
Weight: 15% |
Did not submit or incompletelyexplained in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC). | Insufficiently explained in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC). | Partially explained in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC). | Satisfactorily explained in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC). | Thoroughly explained in your own words the elements of the following methods of access control: a) Mandatory access control (MAC); b) Discretionary access control (DAC); c) Role-based access control (RBAC). |
2. Compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC. Weight: 15% |
Did not submit or incompletely compared and did not submit or incompletely contrasted the positive and negative aspects of employing a MAC, DAC, and RBAC. | Insufficiently compared and insufficiently contrasted the positive and negative aspects of employing a MAC, DAC, and RBAC. | Partially compared and partially contrasted the positive and negative aspects of employing a MAC, DAC, and RBAC. | Satisfactorily compared and satisfactorily contrasted the positive and negative aspects of employing a MAC, DAC, and RBAC. | Thoroughly compared and thoroughly contrasted the positive and negative aspects of employing a MAC, DAC, and RBAC. |
3. Suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
Weight: 15% |
Did not submit or incompletelysuggested methods to mitigate the negative aspects for MAC, DAC, and RBAC. | Insufficiently suggested methods to mitigate the negative aspects for MAC, DAC, and RBAC. | Partially suggested methods to mitigate the negative aspects for MAC, DAC, and RBAC. | Satisfactorily suggested methods to mitigate the negative aspects for MAC, DAC, and RBAC. | Thoroughly suggested methods to mitigate the negative aspects for MAC, DAC, and RBAC. |
4. Evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
Weight: 25% |
Did not submit or incompletelyevaluated the use of MAC, DAC, and RBAC methods in the organization and did not submit or incompletelyrecommended the best method for the organization. Did not submit or incompletelyprovided a rationale for your response. | Insufficiently evaluated the use of MAC, DAC, and RBAC methods in the organization and insufficiently recommended the best method for the organization. Insufficiently provided a rationale for your response. | Partially evaluated the use of MAC, DAC, and RBAC methods in the organization and partially recommended the best method for the organization. Partially provided a rationale for your response. | Satisfactorily evaluated the use of MAC, DAC, and RBAC methods in the organization and satisfactorily recommended the best method for the organization. Satisfactorily provided a rationale for your response. | Thoroughly evaluated the use of MAC, DAC, and RBAC methods in the organization and thoroughly recommended the best method for the organization. Thoroughly provided a rationale for your response. |
5. Speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
Weight: 15% |
Did not submit or incompletelyspeculated on the foreseen challenge(s) when the organization applies the method you chose. Did not submit or incompletelysuggested a strategy to address such challenge(s). | Insufficiently speculated on the foreseen challenge(s) when the organization applies the method you chose. Insufficiently suggested a strategy to address such challenge(s). | Partially speculated on the foreseen challenge(s) when the organization applies the method you chose. Partially suggested a strategy to address such challenge(s). | Satisfactorily speculated on the foreseen challenge(s) when the organization applies the method you chose. Satisfactorily suggested a strategy to address such challenge(s). | Thoroughly speculated on the foreseen challenge(s) when the organization applies the method you chose. Thoroughly suggested a strategy to address such challenge(s). |
6. 3 references
Weight: 5% |
No references provided | Does not meet the required number of references; all references poor quality choices. | Does not meet the required number of references; some references poor quality choices. | Meets number of required references; all references high quality choices. | Exceeds number of required references; all references high quality choices. |
7. Clarity, writing mechanics, and formatting requirements
Weight: 10% |
More than 8 errors present | 7-8 errors present | 5-6 errors present | 3-4 errors present | 0-2 errors present |