Evaluating Access Control Methods

Imagine that you are the Information Systems Security Specialist for a medium-sized federal government contractor. The Chief Security Officer (CSO) is worried that the organization’s current methods of access control are no longer sufficient. In order to evaluate the different methods of access control, the CSO requested that you research: mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC). Then, prepare a report addressing positive and negative aspects of each access control method. This information will be presented to the Board of Directors at their next meeting. Further, the CSO would like your help in determining the best access control method for the organization.

Write a five to seven page paper in which you:

1. Thoroughly explain in your own words the elements of the following methods of access control:
   1. Mandatory access control (MAC)
   2. Discretionary access control (DAC)
   3. Role-based access control (RBAC)
2. Thoroughly compare and contrast the positive and negative aspects of employing a MAC, DAC, and RBAC.
3. Thoroughly suggest methods to mitigate the negative aspects for MAC, DAC, and RBAC.
4. Thoroughly evaluate the use of MAC, DAC, and RBAC methods in the organization and recommend the best method for the organization. Provide a rationale for your response.
5. Thoroughly speculate on the foreseen challenge(s) when the organization applies the method you chose. Suggest a strategy to address such challenge(s).
6. Include quantitative data and qualitative statements
7. Incorporate at least one graphic in this paper
8. Use a minimum of six quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
9. Analyze information security systems compliance requirements within the User Domain.
10. Use technology and information resources to research issues in security strategy and policy formation