Role-based Security Response

  

Provide (2) 150-word responses with a minimum of 1 APA reference for RESPONSES 1 AND 2 below. The responses provided should further discuss the subject or provide more insight. To further understand the responses, below is the discussion post that discusses the responses. 100% original work and not plagiarized. Must meet deadline.

RESPONSE 1:

Access Controls are locks to keep unauthorized people from accessing something such as a computer, building, phone, and anything else that requires keeping people out. Access controls in the case of information technology are important to restricting access to physical locations as well as computer systems to maintain the integrity of the system and keep nefarious actors from causing harm (Kim & Solomon, 2014).

SSO is an acronym for Single Sign-On that allows an administrator to set up accounts that authenticate the user once and will give them access to the parts of the system they are authorized to access without having to sign in again. SSO is very attractive to administrators because it can reduce human error; however, it can be difficult to set up (Kim & Solomon, 2014).

There are four parts of Access Control: Authorization, Identification, Authentication, and Accountability. Authorization is what the users are allowed to access; Identification is how the system identifies the user; Authentication is the process of verifying a user’s Identification; Accountability refers to being able to trace who made changes to information and other parts of the system and the ability to identify them (Kim & Solomon, 2014).

There are two types of access controls, physical and logical. Physical access controls restrict access to buildings; these controls are very important regarding access to a server room or other sensitive equipment. Access should be tightly controlled to spaces housing parts of the system to prevent unauthorized access. Logical access controls refer to access to computer systems. Most people do not consider what is taking place when you enter your username and password into your computer, email account, social media account, etc.; these are all examples of logical access controls (Kim & Solomon, 2014).

RESPONSE 2:

This week we are talking about access control. Access control is the method of the person saying they are who they say they are. This allows only the correct people to have certain access in a company. “At a high level, access control is a selective restriction of access to data” (Martin, 2019). Access control consists of two different categories: authorization and authentication. The person is who they say they are and they are given access to whatever it is in the system.

SSO stands for single sign on. This allows users to use the same password and user name across different apps. “An average user logs into 10 apps a day and almost 30 apps a month on a mobile phone” (SSO-Single Sign on). Could you even imagine having to put your username and password in each time you signed into an app? That would be super annoying, especially if you use different user names and passwords for each. There are 4 different types of access control. There is DAC, which stands for discretionary action control, so the owner determines who gets access. There is MAC, not to be confused with your computer, which stands for Mandatory access control; this one means that the people who have access have to have information clearance. Next we have RBAC, which is role based access control, which means that users only have access to what they need to do their jobs. Lastly, we have ABAC, which is attribute based access control, which looks at the user's location. This one is used with HIPAA; for example, doctors do not need to see any medical records if they are at home, so they would be denied.
