
Contrast access control in relation to risk, threat and vulnerability. Explain


Question

Contrast access control in relation to risk, threat and vulnerability.

Explain the relationship between access control and its impact on CIA (maintaining network confidentiality, integrity and availability).

Describe access control and its level of importance within information security.

Argue the need for organizations to implement access controls in relation to maintaining confidentiality, integrity and availability (e.g., is it a risky practice to store customer information for repeat visits?).

Describe the necessary components within an organization's access control metric.

Use at least two (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Explanation / Answer

Access control in relation to risk, threat and vulnerability

What is Risk?

Risk states the possibility of future uncertainty about the deviation from an expected outcome/goal. It may be related to the leaking of data or any compromise of the privacy of any user. It may actually result in a potential loss, damage or destruction of an asset.

What is vulnerability?

A vulnerability describes a gap or weakness in the protection efforts of an organization. It can be exploited by threats to gain unauthorized access to a particular asset of the organization. For example, a website is vulnerable to external threats if its URL isn't properly encrypted.

What is Threat?

Threats can be anything, whether external or internal, intentional or accidental, that can damage or destroy an asset.

How is access control related to them?

Access control helps minimize the risk to the business or organization by eliminating any of the possible vulnerabilities in the system.

Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, we can have a vulnerability, but if we have no threat, then we have little/no risk.

Access control eliminates vulnerabilities by:

Access control tries to eliminate threats by:

The relationship between access control and its impact on CIA

CIA describes the major pillars of any organization, i.e., Confidentiality, Integrity and Availability.

Relation with Confidentiality:

It's preserving the secrets or private credentials on the server or cloud. Data confidentiality needs to be addressed at collection, in transport, and at rest, whether that's in the cloud or on premises in your data center.

Vulnerability management, including a WAF (Web Application Firewall), are the primary controls one should have in place to prevent an application exploit from compromising their app and the confidentiality of the data in it. These days, there is no reason not to use TLS technology to encrypt communications between the user and the web application server. Data kept in the cloud or on premises should also be fully encrypted to prevent unauthorized access. In this way, access control helps maintain confidentiality.

Relation with Integrity:

Integrity helps ensure that a particular application is performing as intended and that private data is available to the intended users only.

Development and operations teams need to create secure foundations for access to all their applications and data. They also need to manage change control so unintended changes don’t cause the application to perform in ways that impact the integrity of the data.

Example: Implementing tools like WebSafe and a WAF limits the ability of nefarious actors to inject bad data into the application, protecting against a full range of threats to help reduce loss and exposure.

Relation with Availability:

Availability is keeping the application lights on, i.e., ensuring that the personal information / data is always available to the intended user.

Access control lets users authenticate at any time and from anywhere around the globe. It also helps users get authorized to access some of the confidential data of the organization.

DDoS attacks may threaten the security of the application due to its 24x7 availability. In order to prevent DDoS, we can use a WAF or DDoS protection appliance to prevent layer 7 (application-level) attacks.

Access control and its level of importance within information security

Access controls are security features that control how people can interact with systems and resources. The main goal of access control is to protect systems from unauthorized access.

There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lockdown capabilities to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication, which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

These security controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or IP address. Directory services and protocols, including the Local Directory Access Protocol (LDAP) and the Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers. Thus, it’s of prime importance to have access control in order to maintain information security.

Need for organizations to implement access controls in relation to maintaining confidentiality, integrity and availability

There's no ambiguity in stating that implementing access control is of prime importance to the organization, as it helps maintain the three major pillars of information security, i.e., confidentiality, integrity and availability.

Now, discussing the basic needs:

e.g., Is it a risky practice to store customer information for repeat visits?

Yes, it might be a risky practice to store customer information for repeat visits if session management isn't implemented properly, i.e., it must be ensured that the session expires after a certain amount of time, and also that the identity of the user is verified against his/her previous session.
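The two safeguards named above (the session must expire, and the identity presented must match the session that was established) can be seen in a small session store. The following is an added example, not code from the original answer: it keeps sessions in memory, expires them after inactivity or after an absolute lifetime, and binds each session to an HMAC fingerprint of the client attributes observed at login. The class name, the TTL values and the server key are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values for this example, not taken from any standard.
IDLE_TTL = 15 * 60          # seconds of inactivity before a session expires
ABSOLUTE_TTL = 8 * 60 * 60  # hard cap on session lifetime regardless of activity


class SessionStore:
    """In-memory session store with expiry and identity binding (example code)."""

    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key      # secret used to fingerprint client attributes
        self._clock = clock         # injectable clock so expiry can be tested
        self._sessions = {}         # session id -> record

    def _fingerprint(self, user_agent: str) -> str:
        # HMAC the client attribute seen at login so the stored value cannot be
        # reversed into raw client data, and so it cannot be forged without the key.
        return hmac.new(self._key, user_agent.encode(), hashlib.sha256).hexdigest()

    def create(self, user_id: str, user_agent: str) -> str:
        # 256 bits of randomness from the OS CSPRNG; never derive ids from user data.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {
            "user_id": user_id,
            "fingerprint": self._fingerprint(user_agent),
            "created": now,
            "last_seen": now,
        }
        return sid

    def validate(self, sid: str, user_agent: str):
        """Return the user id bound to this session, or None if it is not valid."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None                      # unknown or already revoked
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TTL or now - rec["created"] > ABSOLUTE_TTL:
            self.revoke(sid)                 # expired: drop it and force re-login
            return None
        if not hmac.compare_digest(rec["fingerprint"], self._fingerprint(user_agent)):
            self.revoke(sid)                 # presented from a different client than at login
            return None
        rec["last_seen"] = now               # sliding idle window
        return rec["user_id"]

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def demo():
    """Walk through the three cases: valid, idle-expired, and wrong client."""
    clock = [1_000_000.0]                    # constructed, controllable clock
    store = SessionStore(b"constructed-server-key", clock=lambda: clock[0])
    ua = "Mozilla/5.0 (constructed user agent)"

    sid = store.create("customer-42", ua)
    valid = store.validate(sid, ua)          # same client, within TTL

    clock[0] += IDLE_TTL + 1
    expired = store.validate(sid, ua)        # idle too long: session is gone

    sid2 = store.create("customer-42", ua)
    hijacked = store.validate(sid2, "curl/8.0 (constructed)")  # different client
    return valid, expired, hijacked


if __name__ == "__main__":
    print(demo())
```

The fingerprint binding is a coarse check (a user agent string can legitimately change), so in practice it is a signal to re-authenticate rather than a proof of theft; the expiry checks are the part that bounds how long a stored session can be replayed.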

Necessary components within an organization's access control metric

Organizations planning to implement an access control system should consider three abstractions/components:

Access control policies are high-level requirements that specify how access is managed and who may access information under what circumstances. For instance, policies may pertain to resource usage within or across organizational units or may be based on need-to-know, competence, authority, obligation, or conflict-of-interest factors.

At a high level, access control policies are enforced through a mechanism that translates a user’s access request, often in terms of a structure that a system provides. Access Control List is a familiar example.

Access control models bridge the gap in abstraction between policy and mechanism. Rather than attempting to evaluate and analyze access control systems exclusively at the mechanism level, security models are usually written to describe the security properties of an access control system. Security models are formal presentations of the security policy enforced by the system, and are useful for proving theoretical limitations of a system.
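The three abstractions above can be made concrete in a few dozen lines. The following is an added example, not code from the original answer: the policy is expressed as grants and explicit denies on a resource, the mechanism is an Access Control List that resolves a subject's effective permissions with default deny and deny-overrides-allow, and the model is a separation-of-duty property (no subject may both submit and approve on the same resource) that is checked against the ACL as a whole. All names, resources, groups and the conflicting-pair table are constructed for this example.

```python
from dataclasses import dataclass

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class AclEntry:
    principal: str      # a user name or a group name
    permission: str
    effect: str = ALLOW


class Acl:
    """Mechanism: per-resource list of entries, default deny, explicit deny wins."""

    def __init__(self):
        self._entries = {}  # resource -> [AclEntry, ...]

    def grant(self, resource, principal, permission):
        self._entries.setdefault(resource, []).append(AclEntry(principal, permission, ALLOW))

    def deny(self, resource, principal, permission):
        self._entries.setdefault(resource, []).append(AclEntry(principal, permission, DENY))

    def resources(self):
        return list(self._entries)

    def effective_permissions(self, principals, resource):
        # principals: the subject's own name plus every group it belongs to.
        allowed, denied = set(), set()
        for e in self._entries.get(resource, []):
            if e.principal in principals:
                (allowed if e.effect == ALLOW else denied).add(e.permission)
        return allowed - denied          # an explicit deny overrides any allow

    def is_allowed(self, principals, permission, resource):
        # Unknown resource or no matching entry -> empty set -> denied.
        return permission in self.effective_permissions(principals, resource)


# Model: pairs of permissions that one subject must never hold together on a resource.
# Constructed for this example; a real policy would list its own conflicting duties.
CONFLICTING = [("submit", "approve")]


def separation_of_duty_violations(acl, subjects):
    """Check the model property over every subject and resource; return the offenders."""
    violations = []
    for name, principals in subjects.items():
        for resource in acl.resources():
            perms = acl.effective_permissions(principals, resource)
            for a, b in CONFLICTING:
                if a in perms and b in perms:
                    violations.append((name, resource, a, b))
    return violations


def demo():
    acl = Acl()
    # Policy, written as ACL entries (constructed scenario).
    acl.grant("payments", "clerks", "submit")
    acl.grant("payments", "managers", "approve")
    acl.grant("payments", "managers", "submit")          # over-broad grant
    acl.deny("payments", "contractor-eve", "submit")     # need-to-know exception for one member

    subjects = {
        "alice": {"alice", "clerks"},
        "bob": {"bob", "managers"},
        "contractor-eve": {"contractor-eve", "clerks"},
    }
    return {
        "alice_submit": acl.is_allowed(subjects["alice"], "submit", "payments"),
        "alice_approve": acl.is_allowed(subjects["alice"], "approve", "payments"),
        "eve_submit": acl.is_allowed(subjects["contractor-eve"], "submit", "payments"),
        "alice_unknown": acl.is_allowed(subjects["alice"], "read", "ledger"),
        "sod_violations": separation_of_duty_violations(acl, subjects),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the last function is the one the answer makes about models: the mechanism answers "may alice submit?" one request at a time, whereas the model property is evaluated over the whole configuration and catches the over-broad grant to managers that lets bob both submit and approve.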
