Acess Control Csec630

Security must be embedded within application for access control to prevent unauthorized users from accessing its functions. Access control models are a common approach used in implementing security privileges and restrictions (Ciampa, 2008). An access control model provides a well stated framework for software and hardware developers who need to implement access control in their application or devices. When an access control model is used, IT professionals can configure security based on the requirements set by the owner so that end users perform their duties.

Defining and enforcing appropriate access levels for information is how an organization can protect confidentiality. Protecting confidentiality involves separating information into discrete collections organized by who should have access to it and how sensitive it is (for example, how much and what type of damage you would suffer it confidentiality was breached).

By implanting Role-based Access Control (RBAC) and Bell LaPadula Model, on would be able to protect the confidentiality of the information. In RBAC, privileges are tied to the role a user performs in an organization and are inherited when a user is assigned to that role. In RBAC, roles are separate on the system and reduce the exposure of more sensitive accounts. The Belle LaPadula serves to protect the confidentiality of the information (Goodrich & Tamassia, 2011). .The Belle LaPadula prevents the lacking of classified information to less secure clearance levels. It is accomplished by rejecting lower classified subjects to information to less secure clearance levels (Gibson, 2011). The Belle LaPadula does not address the integrity or availability for the information, however ensures the confidentiality of the information.

Resources:

Goodrich, M. & Tamassia, R. (2011). Introduction to Computer Security. Boston, MA: Pearson

Ciampa, M.(2008). “CompTIA Security+ 2008 in Depth”. Boston, MA: Course Technology