Information, Network And Cyber Security - 1455 Words

CANDIDATE NAME: NAZIFI IDRIS KHALID STUDENT NUMBER: C1473542 MODULE CODE: CMT 104 MODULE TITLE: INFORMATION, NETWORK AND CYBER SECURITY SEMINAR TUTOR: DR. PETE BURNAP ESSAY TITLE / COURSEWORK: COURSEWORK WORD COUNT: 1500 Review of Existing Literature: The most important goal of any access control model is to provide a verifiable system that guarantees the protection of any information from being accessed by an unauthorised party; in line with some defined security policies (Ausanka-crues 2006). Many access control models have evolved over time that manage access to resources in the organisation. With each one leveraging on a particular element of security. The Bell- Lapadula model for example focuses on Confidentiality; while the Biba†¦show more content†¦The User does not have any privilege to change or modify his setting or access level to any party. On the other end, Discretionary Access Control Model gives the User all the rights and privileges over any object on his profile including all the programs associated with it. This means that the User can be able to modify security settings and privileges for others. This of course is very flexible at the expense of security rigidity. Which in turn may lead to misuse or ab use of privilege which is a major setback for this model. Rule Based Access Control is administered based on some predefined rules set by the Systems Administrator for each User. This means that there are as equal the rules set as the number of Users in the Organisation. This eventually becomes cumbersome as the number of Users gets larger.(Anon n.d.). The Role Based Access Control is based on the user’s role or job functions. Permissions are granted to the role and not the individual. For example if the user performs role of a Deputy Manager, he is mapped to the role of a Deputy Manager. And thus He shares a common role with any other User of the same position in the same Organisation. This access control model offers more flexibility and ease of Management to the Administrator from a central location; as there are fewer roles to manage as compared to the number of Users. Context Aware Access Control takes into consideration the context information of