Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

Topic: Role-based Security

• What is Access Control?
• What is SSO and what are some of parts and types of Access Control?

Student one:

Hello Class,

This week we look into access control including Single Sign On (SSO) and other types of access control methods. Access control can be defined as “a security technique that regulates who or what can view or use resources in a computing environment” and can be categorized into two parts, physical and logical (Rouse, 2018). Physical security is used to limit “access to campuses, buildings, rooms and physical IT assets” and can be seen through the use of key card scanners to enter restricted areas and wearing a badge to show that you have the correct accesses to be where you are (Rouse, 2018). Logical security on the other hand is characterized by measures that limit access to “connections to computer networks, system files and data” which are more commonly seen with passwords for accounts or even common access card readers (Rouse, 2018). In order to better secure your facility it is best to ensure that both physical and logical security measures are put in ares of high restrictions while including a digital logbook that logs anyone who enters and leaves the areas, and logs onto systems that are connected to your networks.

SSO stands for single sign on and is the ability for a user to log on to “a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications” giving the user a more user friendly and possibly more secure system without having to monitor multiple accounts with the possibility of having to juggle multiple passwords all while raising accessibility and productivity (Drinkwater, 2018). This does come with downfalls as it creates a security linchpin for the user with the possibility of a hacker being able to crack their password and gaining access to all of their data. The best way to combat this would be to add additional access controls to boost security such as an additional pin required to access the data or even a credentials based systems with PKIs.

Cyle

References

Drinkwater, D. (2018). What is single sign-on? How SSO improves security and the user experience. Retrieved 18 July 2019, from https://www.csoonline.com/article/2115776/what-is-…

Rouse, M. (2018). What is access control? – Definition from WhatIs.com. Retrieved 18 July 2019, from https://searchsecurity.techtarget.com/definition/a…

Student two:

What is Access Control?

Access Control is a system made up of different types of methods to restrict unauthorized users and allow authorized users access to things like computers and information, and now other things like cars and your homes. This access can be either physical or logical. Physical being like locking a door or entry into a building and logical meaning like a password for data on a computer or network share.

There are four major parts to Access Control: Authorization, Identification, Authentication, and Accountability. Authorization askes the questions of who can access it and what do they have access to. Identification asks how are they identified. Authentication asks the verification of the user. Accountability asks how a user’s actions are being traced for reporting, ie. dates of file changes and logon times of user.

There two main phases of the Access Control parts: the policy definition and the policy enforcement. The policy definition phase governs who has the access and what do they have access to. This phase is associated with the authorization part. The policy enforcement phase either grants or rejects the access requests based on what is given from the policy definition phase and authorization granted. The identification, authentication, and accountability parts work within this phase.

What is SSO?

The SSO, or Single Sign-On, approach allows the user to logon with their identification and authorization credentials to the computer or network once, which then allows them into all computers and systems that they are authorized to. It’s centralized with one the need for one set of login credentials; simple. There is no need to enter multiple or different IDs or passwords. SSO reduces any human faults, and we all know that human errors are a major cause of system failures. One authentication for multiple applications, shares, etc. that the particular user has given rights for. Active Directory and Group Policies can be used to grant SSO logins.

Reference

Kim, D., & Solomon, M. G. (n.d.). Fundamentals Of Information Systems Security (2nd ed.). VS-Jones & Bartlett

-Marvin

Do you need a similar assignment done for you from scratch? We have qualified writers to help you. We assure you an A+ quality paper that is free from plagiarism. Order now for an Amazing Discount!
Use Discount Code "Newclient" for a 15% Discount!

NB: We do not resell papers. Upon ordering, we do an original paper exclusively for you.