Sample content
Week 2 DQs and Summary
Discussion Question 1 – Week 2 (Friday):
Why should an organization consider implementing Role-Based Access Control (RBAC) over Discretionary Access Controls (DAC) or Mandatory Access Controls (MAC)? Provide an example to put into context the differences between the three approaches.
Access control is the general capability to manipulate a computer resource in a way that enables or restricts it. Access control can be facilitated through physical or system based controls. There are three main types of access control that can be broadly defined; Role-based control (RBAC) Discretionary control (DAC), and Mandatory control (MAC).
Role-based access control (RBAC):
Role-based access control (RBAC) can be defined as a method of access control that restricts users according to their roles or job functions. Specific personnel are assigned the roles or job functions and their abilities in the system are limited to those enabled by those profiles. Some of the restrictions that can be applied in RBAC are the personnels’ roles, skills, responsibilities, and abilities to be used in the organization. When organizational functions change or evolve the old procedures and/or process and be edited or deleted for new procedures and/or process, this is called role relationships. This makes things easier for the management within the organization because individual users’ privileges can be added or deleted instead of having the need to edit entire groups of people. One example of this is when an individual in the organization has a role change from editor to developer; the individuals access can be changed by management to enable access to the developer resources.
Discretionary Access Control (DAC):
When discretionary access control (DAC) is used the individual user is given the ability to manipulate his or her own data or profile in the system. This access can be granted through an editable list called an access control list. The DAC can list and identify all user groups within the organization’s system, such as editors and developers, and states which permissions the individual or group has inside the system.
Mandatory Access Control (MAC):
The system administrator can control the settings that are defined by the system administrator. These permissions, such as access or usage, are locked and cannot be changed by individual users. MAC is often used by government agencies and access is enabled or denied according to security clearance levels. This type of access can be used to restrict access to things such as databases and websites, those without the security clearance to give permission will be denied access to restricted parts of the system. This type of access control can be tiered and allow several different levels of clearance to access a cor
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Cmgt 430 discussion questions d qs and summary week 2CMGT 430 Discussion Questions DQs and Summary Week 2 2015 version
1. CMGT 430 Discussion Questions DQs and Summary Week 2
Link : http://uopexam.com/product/cmgt-430-discussion-questions-dqs-and-summary-week-2/
Sample content
Week 2 DQs and Summary
Discussion Question 1 – Week 2 (Friday):
2. Why should an organization consider implementing Role-Based Access Control
(RBAC) over Discretionary Access Controls (DAC) or Mandatory Access Controls
(MAC)? Provide an example to put into context the differences between the three
approaches.
Access control is the general capability to manipulate a computer resource in a
way that enables or restricts it. Access control can be facilitated through physical or
system based controls. There are three main types of access control that can be
broadly defined; Role-based control (RBAC) Discretionary control (DAC), and
Mandatory control (MAC).
Role-based access control (RBAC):
Role-based access control (RBAC) can be defined as a method of access control
that restricts users according to their roles or job functions. Specific personnel are
assigned the roles or job functions and their abilities in the system are limited to
those enabled by those profiles. Some of the restrictions that can be applied in
RBAC are the personnels’ roles, skills, responsibilities, and abilities to be used in
the organization. When organizational functions change or evolve the old
procedures and/or process and be edited or deleted for new procedures and/or
process, this is called role relationships. This makes things easier for the
management within the organization because individual users’ privileges can be
added or deleted instead of having the need to edit entire groups of people. One
example of this is when an individual in the organization has a role change from
editor to developer; the individuals access can be changed by management to
enable access to the developer resources.
Discretionary Access Control (DAC):
When discretionary access control (DAC) is used the individual user is given the
ability to manipulate his or her own data or profile in the system. This access can
be granted through an editable list called an access control list. The DAC can list
and identify all user groups within the organization’s system, such as editors and
developers, and states which permissions the individual or group has inside the
system.
Mandatory Access Control (MAC):
The system administrator can control the settings that are defined by the system
administrator. These permissions, such as access or usage, are locked and cannot
be changed by individual users. MAC is often used by government agencies and
access is enabled or denied according to security clearance levels. This type of
3. access can be used to restrict access to things such as databases and websites,
those without the security clearance to give permission will be denied access to
restricted parts of the system. This type of access control can be tiered and allow
several different levels of clearance to access a cor
http://uopexam.com/product/cmgt-430-discussion-questions-dqs-and-summary-week-2/