Compare and contrast access control models. Select an access control model that best prevents unauthorized access for each of the five scenarios given below. Which types of logical access controls should be used in each scenario? Justify your recommendations.
Access control models:
Mandatory access controls
Discretionary access controls
Role-based access controls
Rule-based access controls
Content-dependent access controls
Nondiscretionary access controls
Scenarios:
1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access.
a. (DAC) Discretionary Access Control. Because the business is small and does not need stronger security measures, DAC would be the easiest model for it to maintain and monitor.
2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones.
a. (MAC) Mandatory Access Control. The employees primarily communicate using smartphones, which poses a possible security risk. MAC is stronger than DAC but still easily monitored for a small business, which makes it the top choice for Top Ads.
3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively.
a. (RBAC) Role-Based Access Control. Because the company is so large and its employees travel and/or work from home, roles set by a Security Administrator would be the most secure and efficient way of providing different levels of clearance to individual users. It would take time to start from nothing, but once the security measures are in place it would be easy to monitor and manage.
4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail.
a.
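The three models chosen for scenarios 1 to 3 differ in who decides access: the resource owner (DAC), system-assigned labels (MAC), or administrator-defined roles (RBAC). The sketch below is an added example, not part of the original answers; all user, role and resource names are constructed, and the MAC check assumes a Bell-LaPadula-style rule as one common instance of mandatory control.

```python
# Constructed illustration: the same kind of request decided under DAC, MAC and RBAC.

# DAC: the owner of a resource edits its ACL at their own discretion.
class DacFile:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, granter, user, perm):
        # Only the owner may delegate; nobody else reviews the decision.
        if granter != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())


# MAC: labels are fixed by the system; users cannot override them.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # constructed label set

def mac_allows(clearance, label, perm):
    # Assumed Bell-LaPadula-style rule: no read up, no write down.
    if perm == "read":
        return LEVELS[clearance] >= LEVELS[label]
    if perm == "write":
        return LEVELS[clearance] <= LEVELS[label]
    return False


# RBAC: an administrator maps roles to permissions and users to roles.
ROLE_PERMS = {  # constructed roles and resources
    "helpdesk": {("ticket", "read"), ("ticket", "write")},
    "field_engineer": {("ticket", "read"), ("client_config", "read")},
}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"helpdesk", "field_engineer"}}

def rbac_allows(user, resource, perm):
    # Access follows from role membership, never from a per-user grant.
    roles = USER_ROLES.get(user, set())
    return any((resource, perm) in ROLE_PERMS[r] for r in roles)


if __name__ == "__main__":
    f = DacFile("carol")
    f.grant("carol", "dave", "read")
    print("DAC  dave read:", f.allows("dave", "read"))
    print("MAC  confidential reads secret:", mac_allows("confidential", "secret", "read"))
    print("RBAC alice reads client_config:", rbac_allows("alice", "client_config", "read"))
```

At the scale of scenario 3, onboarding a user under RBAC is a single entry in `USER_ROLES`, whereas the DAC model would need a grant on every resource by every owner.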