Access Control Methods for Information Systems Term Paper

Total Length: 1339 words (4 double-spaced pages)

Total Sources: 4


Introduction

In the field of information security, access control refers to the selective restriction of access to a resource. It is a security technique used to regulate who or what can use or view a resource within a computing environment. There are two main types of access control: logical and physical. Physical access control limits physical access to buildings and IT assets, while logical access control limits connections to computer networks, data, and system files (Younis, Kifayat, & Merabti, 2014). Access control systems perform identification, authorization, authentication, approval, access, and accountability of entities by using login credentials. This paper discusses three main types of access control: mandatory access control, discretionary access control, and role-based access control.

Elements of Access Control

Mandatory access control (MAC) is a security strategy where only the administrator has the ability to determine access control. This means resource owners are restricted in their ability to deny or grant access to their resource objects within a file system (Younis et al., 2014). MAC criteria are strictly enforced by the operating system and cannot be altered by end users. Discretionary access control (DAC) is a security strategy where the owner of the file or object determines the subjects or individuals who can access the object (Choi, Choi, & Kim, 2014). This access control strategy is referred to as discretionary because control of access is determined at the discretion of the owner. Role-based access control (RBAC) is an access control strategy that is based on the roles of the individual users within an enterprise. The roles are mostly defined according to authority, job competency, and responsibility within the enterprise.

Positive and Negative Aspects of Each Access Control

The advantage of using MAC is that it provides tighter security because only the system administrator is able to access and alter the specified controls. This ensures that only authorized individuals have access to the resources, and an authorized individual can only access the resources that are within their clearance level. Another advantage is that MAC policies reduce security errors. This means that there are few instances of an individual being able to access a file that they are not authorized to access. The disadvantage of MAC is that the policy is more complex to manage. Only highly experienced systems administrators are able to work with MAC-enabled systems. Another disadvantage is that the model reduces the performance of the system because the system has to check accesses and access rules before granting access to an individual.

The advantage of DAC is that it is easy to implement. This means that one can have a security policy set up quite easily without the need for much knowledge or understanding of information security. When using DAC, it is possible for a user to transfer ownership of an object to another user (Choi et al., 2014). The disadvantage of DAC is its inherent vulnerability to malicious programs. Under DAC, a process can execute a malicious program with the access rights of the user who runs it.
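
The contrast between owner-controlled DAC and administrator-controlled MAC described above can be shown on a single request. The following Python sketch is an added example, not part of the original paper; the users, the file, the label ordering and all function names are constructed assumptions, and the MAC check is simplified to a read-only clearance comparison.

```python
# Added illustration: all users, files and labels below are constructed.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed label ordering
CLEARANCE = {"alice": "secret", "bob": "public"}        # MAC: set by the administrator only


@dataclass
class FileObject:
    name: str
    owner: str
    label: str                                # MAC label, not changeable by the owner
    acl: dict = field(default_factory=dict)   # DAC: user -> set of rights


def dac_allows(user, obj, right):
    """DAC: the owner always has access; others need an ACL entry."""
    return user == obj.owner or right in obj.acl.get(user, set())


def mac_allows_read(user, obj):
    """MAC (simplified): a read is allowed only within the user's clearance level."""
    return LEVELS[CLEARANCE[user]] >= LEVELS[obj.label]


def dac_grant(acting_user, obj, grantee, right):
    """DAC: anything running as the owner may change the ACL at its discretion."""
    if acting_user != obj.owner:
        raise PermissionError("only the owner may change the ACL")
    obj.acl.setdefault(grantee, set()).add(right)


def demo():
    report = FileObject("q3-report", owner="alice", label="secret")
    before = (dac_allows("bob", report, "read"), mac_allows_read("bob", report))
    # A program alice runs acts with her rights, so it can grant bob access.
    dac_grant("alice", report, "bob", "read")
    after = (dac_allows("bob", report, "read"), mac_allows_read("bob", report))
    return before, after  # each pair is (DAC decision, MAC decision) for bob


if __name__ == "__main__":
    print(demo())
```

The DAC decision for bob changes once the owner's process edits the ACL, while the MAC decision does not, because the label and clearance are outside the owner's control.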

RBAC has the advantage of reducing administrative work. When using RBAC, one is able to add and switch roles quickly and have them implemented globally across platforms, operating systems, and applications (Fadhel, Bianculli, & Briand, 2015). There is also a reduced potential for errors when assigning user permissions. RBAC also has the advantage of maximizing operational efficiency in that all the roles can be aligned with the organizational structure of the company. A disadvantage is that RBAC is prone to role explosion. In most instances, administrators will add roles to users but will not remove them when the user's role changes.
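
The leftover-role problem described above can be checked for by comparing each user's assigned roles against the roles their current job function calls for. The following Python sketch is an added example, not part of the original paper; the role names, users, job functions and the expected-roles baseline are all constructed assumptions.

```python
# Added illustration: role names, users and job functions are constructed.
ROLE_PERMISSIONS = {
    "hr_clerk": {"employee_record:read", "employee_record:update"},
    "payroll": {"salary:read", "salary:update"},
    "auditor": {"salary:read", "employee_record:read"},
}
# Assumed policy baseline: roles each job function is expected to hold.
EXPECTED_ROLES = {"hr": {"hr_clerk"}, "finance": {"payroll"}, "audit": {"auditor"}}

USERS = {
    # carol moved from HR to finance; her old role was never removed.
    "carol": {"job": "finance", "roles": {"hr_clerk", "payroll"}},
    "dave": {"job": "audit", "roles": {"auditor"}},
}


def permissions_of(roles):
    """Union of the permissions carried by a set of roles."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in roles))


def rbac_allows(user, permission):
    """RBAC decision: access follows from the user's roles, not the user."""
    return permission in permissions_of(USERS[user]["roles"])


def stale_roles(user):
    """Roles still assigned that the user's current job no longer calls for."""
    return USERS[user]["roles"] - EXPECTED_ROLES[USERS[user]["job"]]


def audit():
    """Report users holding stale roles and the excess permissions they carry."""
    findings = {}
    for user in sorted(USERS):
        extra = stale_roles(user)
        if extra:
            expected = permissions_of(EXPECTED_ROLES[USERS[user]["job"]])
            excess = permissions_of(USERS[user]["roles"]) - expected
            findings[user] = {"stale_roles": sorted(extra),
                              "excess_permissions": sorted(excess)}
    return findings


def revoke_stale(user):
    """Remove the roles the audit flagged for this user."""
    USERS[user]["roles"] -= stale_roles(user)


if __name__ == "__main__":
    print(audit())
```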

Possible Methods for Mitigate….....


Cite This Resource:

Latest APA Format (6th edition)

"Access Control Methods For Information Systems" (2018, February 10) Retrieved May 21, 2025, from
https://www.aceyourpaper.com/essays/access-control-methods-information-systems-2166975
