Richman Investments has decided to expand its business. We have been given its new growth projections of 10,000 employees in 20 states, with 5,000 located within the U.S. Richman has also established eight branch offices located throughout the U.S. and has designated Phoenix, AZ as the main central office. With this scenario in mind, I intend to design a remote access control policy for all systems, applications and data access within Richman Investments.
With so many different modes of access control to choose from, it is my assessment that choosing only one model would not be appropriate for Richman Investments.
My recommendation is a combination of multiple access control models that overlap to provide maximum coverage and overall security. Here are my suggestions for access controls.
Role Based Access Control, or RBAC, will work well with the Non-Discretionary Access Control model, which is detailed in the following paragraph. RBAC is defined as setting permissions or granting access to a group of people with the same job functions or responsibilities.
With many different locations and many different users, it is important to identify the different users and different workstations within this network.
Every effort should be dedicated to preventing users from accessing information they should not have access to. Non-Discretionary Access Control is defined as controls that are monitored by a security administrator. While RBAC identifies those with permissions, it is the security administrator who should further identify the level of access for each role that is created.
The security administrator should also designate which users or workstations have access to the information available within the network.
Rule Based Access Control can also be linked to the first two models detailed in this paper (RBAC and Non-Discretionary), and is similar to RBAC. Rule Based Access Control is a set of rules that determine which users have access to what information. Within each role, access can be further refined by applying rules. These rules will be defined by the security administrator as part of the Non-Discretionary Access Control model.
Constrained User Interface incorporates concepts similar to two other access control models that have been detailed, Role Based and Rule Based. Constrained User Interface is defined as a user's ability to get into certain resources based on the user's rights and privileges. These rights and privileges are restricted and constrained on the asset the user is attempting to access. While this requires many levels of protection, it provides restrictions on the requested access to the resources available within the organization.
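To show how the four models above (RBAC, Non-Discretionary, Rule Based and Constrained User Interface) layer on top of each other, here is a small policy engine written as an added example for this paper; it is not part of the original text or of any Richman Investments system. Roles grant permissions, an administrator-maintained list designates approved workstations, administrator-defined rules refine each grant, and the "menu" a user sees is filtered to what the combined policy would actually allow. All role names, user names, workstation names and rules are constructed for illustration.

```python
"""Layered access control check: RBAC + administrator-designated workstations
+ rule-based refinement + constrained user interface.
Added example; every name and rule below is constructed for illustration."""
from dataclasses import dataclass

# --- Role Based layer: permissions are granted to roles, never to individuals.
ROLE_PERMISSIONS = {
    "analyst": {"reports:read"},
    "trader": {"reports:read", "trades:submit"},
    "admin": {"reports:read", "trades:submit", "users:manage"},
}


# --- Non-Discretionary layer: the security administrator, not the data owner,
# assigns roles and designates which workstations may reach the network at all.
@dataclass
class User:
    name: str
    roles: set
    office: str  # branch office the user belongs to, e.g. "Phoenix"


@dataclass
class Request:
    user: User
    action: str       # permission being exercised, e.g. "trades:submit"
    workstation: str  # hostname the request comes from
    hour: int         # local hour (0-23) at the time of the request


# Workstations the administrator has designated (constructed hostnames).
APPROVED_WORKSTATIONS = {"ws-phx-01", "ws-phx-02", "ws-nyc-01"}


# --- Rule Based layer: each rule returns None when it does not object,
# or a reason string when it denies the request.
def rule_approved_workstation(req):
    if req.workstation not in APPROVED_WORKSTATIONS:
        return f"workstation {req.workstation} is not designated by the administrator"
    return None


def rule_trading_hours(req):
    if req.action == "trades:submit" and not 8 <= req.hour < 17:
        return "trades only allowed 08:00-17:00"
    return None


def rule_user_management_from_hq(req):
    # Administrative changes only from headquarters (Phoenix) workstations.
    if req.action == "users:manage" and not req.workstation.startswith("ws-phx-"):
        return "user management only from Phoenix headquarters workstations"
    return None


RULES = [rule_approved_workstation, rule_trading_hours, rule_user_management_from_hq]


def permitted_actions(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(req):
    """Return (allowed, reason): the role must grant the action, then every
    administrator-defined rule must accept the request."""
    if req.action not in permitted_actions(req.user):
        return False, f"role(s) {sorted(req.user.roles)} do not grant {req.action}"
    for rule in RULES:
        denial = rule(req)
        if denial:
            return False, denial
    return True, "granted"


def visible_menu(user, workstation, hour):
    """Constrained user interface: only offer actions the full policy would allow
    right now, so users never see options they cannot use."""
    return sorted(
        action for action in permitted_actions(user)
        if authorize(Request(user, action, workstation, hour))[0]
    )


if __name__ == "__main__":
    alice = User("alice", {"trader"}, "Phoenix")
    print(authorize(Request(alice, "trades:submit", "ws-phx-01", 10)))  # granted
    print(authorize(Request(alice, "trades:submit", "ws-phx-01", 20)))  # outside hours
    print(visible_menu(alice, "ws-phx-01", 20))  # only reports:read remains
```

Note that a denial from any single layer is final: the role grant is necessary but not sufficient, which is the overlap the paper recommends.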
Another example of an access control model that can be applied in this situation is known as the Clark and Wilson Integrity Model. This model provides improvements over the Biba Integrity Model of access control. Developed by David Clark and David Wilson, the model concentrates on what happens when a user attempts to do things they are not permitted to do, which was one flaw of the Biba Integrity Model. The other flaw that was addressed is that this model also reviews internal integrity threats.
There are three key elements of the Clark and Wilson integrity model: first, it stops unauthorized users from making changes within the system; second, it stops authorized users from making improper changes; and third, it maintains consistency both internally and externally. Within the Clark and Wilson model a user's access is controlled by permissions, specifically permission to execute programs, with authorized users having access to the programs that are allowed to make changes.
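The three elements just listed can be made concrete in code. The following is an added example, not part of the original paper: a small account ledger is the constrained data item, the only way to change it is through certified programs (transformation procedures), a certified list of (user, program, data) triples decides who may execute which program, and an integrity verification step runs after every change. User names, account names and balances are constructed for illustration.

```python
"""Clark and Wilson style integrity enforcement for a transaction ledger.
Added example, not code from the original paper. Vocabulary: the Ledger is
the constrained data item (CDI), tp_transfer/tp_audit are transformation
procedures (TPs), check_integrity is the integrity verification procedure
(IVP) and ACCESS_TRIPLES is the certified (user, TP, CDI) list.
Users, accounts and balances are constructed."""


class IntegrityViolation(Exception):
    """Raised when a TP would leave the CDI in an invalid state."""


class Ledger:
    """The CDI. Balances are only meant to change through certified TPs."""

    def __init__(self, balances):
        self._balances = dict(balances)
        self.audit_log = []  # every TP attempt is recorded, successful or not

    def balance(self, account):
        return self._balances[account]

    def total(self):
        return sum(self._balances.values())


# Certified access triples: who may run which TP against which CDI.
# 'mallory' is deliberately absent; 'carol' may only run the read-only audit TP.
ACCESS_TRIPLES = {
    ("alice", "transfer", "ledger"),
    ("carol", "audit", "ledger"),
}


def check_integrity(ledger, expected_total):
    """IVP: internal consistency (no negative balances) and consistency with
    the figure recorded before the TP ran (a transfer moves money, it never
    creates or destroys it)."""
    no_negatives = all(v >= 0 for v in ledger._balances.values())
    return no_negatives and ledger.total() == expected_total


def tp_transfer(ledger, src, dst, amount):
    """Well-formed transaction: either both legs happen or neither does."""
    if amount <= 0:
        raise IntegrityViolation("amount must be positive")
    if dst not in ledger._balances:
        raise IntegrityViolation(f"unknown destination account {dst}")
    if ledger._balances.get(src, 0) < amount:
        raise IntegrityViolation(f"insufficient funds in {src}")
    ledger._balances[src] -= amount
    ledger._balances[dst] += amount


def tp_audit(ledger):
    """Read-only TP: returns a copy of the balances for review."""
    return dict(ledger._balances)


TPS = {"transfer": tp_transfer, "audit": tp_audit}


def execute(user, tp_name, ledger, *args):
    """Enforcement point for the three elements.
    1. Reject users without a certified triple (unauthorized users).
    2. Run the TP as a unit and roll back if it refuses (improper changes by
       authorized users).
    3. Run the IVP afterwards and roll back if consistency was lost."""
    if (user, tp_name, "ledger") not in ACCESS_TRIPLES:
        ledger.audit_log.append((user, tp_name, args, "denied: no access triple"))
        raise PermissionError(f"{user} is not certified to run {tp_name}")
    snapshot = dict(ledger._balances)
    expected_total = ledger.total()
    try:
        result = TPS[tp_name](ledger, *args)
        if not check_integrity(ledger, expected_total):
            raise IntegrityViolation("IVP failed after TP")
    except IntegrityViolation as exc:
        ledger._balances = snapshot  # restore the last known-good state
        ledger.audit_log.append((user, tp_name, args, f"rejected: {exc}"))
        raise
    ledger.audit_log.append((user, tp_name, args, "ok"))
    return result


if __name__ == "__main__":
    ledger = Ledger({"ops": 1000, "payroll": 500})
    execute("alice", "transfer", ledger, "ops", "payroll", 200)
    print(execute("carol", "audit", ledger))
    try:
        execute("alice", "transfer", ledger, "ops", "payroll", 5000)
    except IntegrityViolation as exc:
        print("rejected:", exc)
    try:
        execute("mallory", "transfer", ledger, "ops", "payroll", 1)
    except PermissionError as exc:
        print("denied:", exc)
```

The audit log is what gives the administrator visibility into both kinds of failure the model targets: attempts by uncertified users, and attempts by certified users to perform a change the program itself rejects.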
While some of these models are similar, they work best when used together. Providing multiple models of access control within the network gives more robust coverage of access control. It would not be wise to apply only one access control model, as a single mode of access control can have flaws and vulnerabilities.
References:
Kim, D., & Solomon, M. G. (2012). Fundamentals of Information Systems Security. Sudbury: Jones & Bartlett Learning.