This paper argues that a better way to control user access to data is to tie data access to the role a user plays in an organization. It first covers the value of separating duties within the organization, then discusses the value of using roles to segregate the data and system access needs of individuals, then describes in detail why a role-based access control (RBAC) system is the best way to accomplish this, and finally addresses how to handle distributed trust management for users moving to or from business partner networks.
Separation of duties is an essential security principle that ensures no single user has the ability to misuse his or her privileges or to let substantial errors go unnoticed. No user should have the power to cause damage acting on his or her own authority alone. The principle is not confined to computer systems and has been in use in society for ages. Dividing a function into separate steps, each performed by a different person, is crucial so that no single individual can carry out the function alone or neglect the control that governs it. Splitting the roles across multiple departments and different locations further reduces the underlying risk.
Even when separation-of-duty constraints have been built into an information system, users under pressure look for ways around the access authorizations. In large organizations it is the role of the auditor to detect these gaps in control, but this is often an unattainable assignment. Wherever duties are difficult to segregate, other mechanisms such as activity monitoring and audit trails should be planned for. It is important that the security audit remains impartial.
The RBAC model provides a company-wide method for managing access to IT assets while still sustaining the desired level of security. Role-based permissions can be inserted and updated quickly across multiple systems, applications and wide
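The three ideas above (roles that carry permissions, separation-of-duty rules that keep one person from completing a sensitive function alone, and an audit trail for the cases segregation cannot fully cover) can be shown together in a small policy checker. The following is an added example written for this page, not code from the paper or any cited textbook; the role names, permission names, user names and the purchase-order scenario are constructed for illustration. It enforces a static rule (no user may hold two conflicting roles, here "manager" and "auditor", so the auditor stays impartial) and a dynamic rule (a user who submitted a purchase order may not also approve that same order), and records every decision.

```python
"""Added example: minimal RBAC checker with static and dynamic
separation-of-duty (SoD) constraints and an audit trail.
All names below are constructed for illustration."""
from collections import defaultdict


class SoDViolation(Exception):
    """Raised when a role assignment would breach a static SoD rule."""


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {permission}
        self.user_roles = defaultdict(set)   # user -> {role}
        self.static_sod = set()              # frozenset({role_a, role_b}): never held together
        self.dynamic_sod = set()             # frozenset({perm_a, perm_b}): never by one user on one object
        self.history = defaultdict(set)      # (user, obj) -> {permissions already exercised}
        self.audit = []                      # (user, perm, obj, allowed, reason)

    def grant(self, role, *perms):
        self.role_perms[role].update(perms)

    def add_static_sod(self, role_a, role_b):
        self.static_sod.add(frozenset((role_a, role_b)))

    def add_dynamic_sod(self, perm_a, perm_b):
        self.dynamic_sod.add(frozenset((perm_a, perm_b)))

    def assign(self, user, role):
        """Static SoD is enforced at assignment time, before any access happens."""
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.static_sod:
                raise SoDViolation(f"{user} cannot hold {role!r} together with {held!r}")
        self.user_roles[user].add(role)

    def permissions_of(self, user):
        return set().union(*(self.role_perms[r] for r in self.user_roles[user]))

    def check(self, user, perm, obj):
        """Decide one access request, record it, and return True if allowed."""
        if perm not in self.permissions_of(user):
            return self._log(user, perm, obj, False, "no role grants permission")
        done = self.history[(user, obj)]
        # Dynamic SoD: deny if this user already performed a conflicting step on the same object.
        for prior in done:
            if frozenset((prior, perm)) in self.dynamic_sod:
                return self._log(user, perm, obj, False, f"dynamic SoD: already performed {prior!r}")
        done.add(perm)
        return self._log(user, perm, obj, True, "allowed")

    def _log(self, user, perm, obj, allowed, reason):
        self.audit.append((user, perm, obj, allowed, reason))
        return allowed


def build_demo():
    """Constructed purchase-order scenario (hypothetical roles, permissions and users)."""
    rbac = RBAC()
    rbac.grant("clerk", "submit_po")
    rbac.grant("manager", "submit_po", "approve_po")
    rbac.grant("auditor", "read_audit")
    rbac.add_static_sod("manager", "auditor")        # auditors must never also be approvers
    rbac.add_dynamic_sod("submit_po", "approve_po")  # nobody submits and approves the same PO
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "manager")
    rbac.assign("carol", "auditor")
    return rbac


def run_scenario():
    """Exercise the policy; returns the decisions and the audit trail."""
    rbac = build_demo()
    results = {
        "alice_submits": rbac.check("alice", "submit_po", "PO-1"),    # clerk may submit
        "alice_approves": rbac.check("alice", "approve_po", "PO-1"),  # clerk lacks the permission
        "bob_approves_po1": rbac.check("bob", "approve_po", "PO-1"),  # a different person approves
        "bob_submits": rbac.check("bob", "submit_po", "PO-2"),        # manager may also submit
        "bob_approves_own": rbac.check("bob", "approve_po", "PO-2"),  # dynamic SoD denies self-approval
    }
    try:
        rbac.assign("carol", "manager")      # static SoD: auditor cannot become a manager
        results["carol_manager"] = True
    except SoDViolation:
        results["carol_manager"] = False
    return results, rbac.audit


if __name__ == "__main__":
    decisions, trail = run_scenario()
    for entry in trail:
        print(entry)
    print(decisions)
```

The audit list is the piece the third paragraph calls for: every denied request, including the self-approval attempt, is recorded with its reason, so an auditor reviewing the trail sees attempts to work around the separation of duties rather than only the successful accesses.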