Controlling user access is a necessity in a world where technology is used to store priceless information. Access control requires systems to identify the user and provide access to particular data. Data integrity is a major concern for a number of organizations that seek to protect information and control assets. The Department of Defense (DOD) in the US has not been left behind in incorporating different computer mechanisms that help control confidential information (Clark & Wilson, 1987, p. 184). The rise of inter-networked computing poses a great risk for users because the systems are constantly under attack, making them untrustworthy. The computers are susceptible to risk because of their poor design and lack of quality control (Savage & Schneider, 2009, p. 1). The aim of this essay is to address the significance of controlling user access.
Security policies are implemented by a number of organizations, including business and government organizations, to protect an organization's information. Information system security is used to protect information against risks that result in unauthorized access, disclosure of confidential information and destruction of valuable information (Johnson, 2010, p. 3). The concerns of DOD agencies, commercial firms and civilian government about guarding confidential information have resulted in a body of research that aims to present more trustworthy security systems.
[...] This provides extra security since third parties are less likely to access vital information, making the system trustworthy while at the same time upholding integrity in an organization. It is important for organizations to separate duties among different employees. For an organization to be able to implement RBAC, roles have to be assigned, making it easier for the organization to identify different users. One of the chief benefits of separating duties in an organization is that it controls power in the organization. One person should not have too much influence in any organization. [...]
[...] Organizations should set up application and service processes on a system to run at the lowest privilege possible. This ensures that the process does not interfere with the operating system in the event of a malfunction. The concept of least privilege can also be supported by providing users with the specific access that they require and at the same time limiting their access to the file server (Gregory, p. 54). Granting employees only the permissions that facilitate their work minimizes internal threats that hinder the performance of an organization. [...]
[...] The DOD applies the Trusted Computer System Evaluation Criteria (TCSEC), which offers both Mandatory Access Control (MAC) and Discretionary Access Control (DAC) but fails to uphold integrity. Integrity is the most important goal that a security policy should aim to achieve. The Department of Defense (DOD) should therefore consider incorporating RBAC to ensure that data and information are amply protected.
References
Anderson, B., & Mutch, J. (2011). Preventing Good People from Doing Bad Things: Implementing Least Privilege. Apress. Retrieved from
Ausanka, R. (n.d.). Methods for Access Control: Advances and Limitations. Retrieved from
Bishop, M. [...]
[...] Nicholas Leeson had two roles. He was authorized to administer financial derivatives trading functions in Singapore and at the same time the back-office operations that settled trades (Ferraiolo et al., 2009). If the firm had used an RBAC approach, there is a chance that Leeson would have been unable to commit fraud because he would only have had one role to play in the company.
Distributed Trust Management Issues
According to Bishop (2003, p. 478), a trustworthy system is one that ensures that an organization's resources are protected and cannot be attacked. [...]
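The separation of duties argued for in the RBAC passage and in the Leeson case can be enforced at role-assignment time as a static separation-of-duty constraint. The sketch below is an added example, not code from the essay or its sources; the role names, permission strings and the `RBAC` class are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed roles and permissions (hypothetical names, assumed for this example).
ROLE_PERMISSIONS = {
    "derivatives_trader": {"trade:place"},
    "settlement_clerk": {"trade:settle", "ledger:adjust"},
    "auditor": {"ledger:read"},
}
# Static separation of duty: a user must hold fewer than `limit` roles from each set.
SSD_CONSTRAINTS = [({"derivatives_trader", "settlement_clerk"}, 2)]


class SeparationOfDutyError(Exception):
    """Raised when a role assignment would violate an SSD constraint."""


@dataclass
class RBAC:
    assignments: dict = field(default_factory=dict)  # user -> set of role names

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role: {role}")
        proposed = self.assignments.get(user, set()) | {role}
        for role_set, limit in SSD_CONSTRAINTS:
            held = proposed & role_set
            if len(held) >= limit:  # reject before any state changes
                raise SeparationOfDutyError(f"{user} cannot hold {sorted(held)}")
        self.assignments[user] = proposed

    def permissions(self, user):
        perms = set()
        for role in self.assignments.get(user, set()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def check(self, user, permission):
        # Default deny: a permission is granted only through an assigned role.
        return permission in self.permissions(user)


def demo():
    rbac = RBAC()
    rbac.assign("leeson", "derivatives_trader")
    try:
        rbac.assign("leeson", "settlement_clerk")  # conflicting second role
        blocked = False
    except SeparationOfDutyError:
        blocked = True
    return blocked, rbac.check("leeson", "trade:place"), rbac.check("leeson", "trade:settle")
```

Because the constraint is checked when the role is granted rather than when a trade is settled, the conflicting combination never exists in the assignment table, and every later access check inherits that guarantee.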