Free Research Paper About CISSP Domain – Access Control
Type of paper: Research Paper
Topic: Control, Security, Information, Management, System, Organization, Principles, Policy
Pages: 2
Words: 550
Published: 2020/10/06
<INSTRUCTOR’S NAME>
<COURSE NAME>
Certified Information Systems Security Professional (CISSP) is an internationally recognized information security certification that codifies best practices and generally accepted security procedures from around the world. CISSP has ten relevant security domains, and this research will focus on one of them, known as Access Control.
Access Control is the primary security domain of CISSP; it governs how critical organizational application resources remain protected against unauthorized access, modification and disclosure. The domain predominantly addresses the mechanisms for granting and revoking the rights to retrieve data within a system or to perform an action on an information system. Understanding the access control process allows an organization to identify which users can access or retrieve the data confined within an information system. Management can also specify which resources those users can retrieve and which operations they can execute. Defining access control in this way lets management hold each individual accountable for the organization's resources.
Granting of access rights ranges over file permissions, program permissions and data rights. File permissions include create, edit, delete or read within a file server, whereas program permissions refer to the authority to execute or run a program within an application server. Data rights, meanwhile, cover the authority to update or access information in a database. Management must take the principles of access control into account prior to security implementation. These principles are least privilege and separation of duties. The least privilege policy restricts both the users of a system and its related processes to retrieving only the data required to execute an assigned function. For example, an employee with a backup privilege can only execute backup applications and is not permitted to install software, because that is beyond his assigned function. The principle of separation of duties, on the other hand, requires that the different steps of a process be carried out by distinct users. Management should explicitly define the separation of duties in order to prevent conflicts of interest, errors, abuse and fraud. These principles should be implemented across every information system, and among the personnel, facilities and support systems of an organization. Apart from this, an organization must categorize its security controls. The categories are administrative or management controls, physical or operational controls, and technical controls. Management controls refer to standards, guidelines or policies; operational controls refer to how those policies are executed; and technical controls refer to access controls, confidentiality and authorization.
For new information system projects, it is critical that security considerations for access control form part of each phase. During the initiation phase, apart from identifying the information resources, there must be clear and defined security policies, guidelines and standards. The information security categorization and the required protection level should also be documented. During the development or acquisition phase, management should state its security requirements and the controls that will satisfy them. The security team must develop appropriate security test scripts, scenarios and cases, together with an evaluation that validates the defined security controls. The project team must ensure that the security controls are implemented accurately and must obtain security accreditation. As part of the maintenance phase, there should be a scheduled periodic security evaluation.
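The following Python program is an added illustration, not code from the paper or from any of its cited sources. It puts the two principles from the previous section, least privilege and separation of duties, into a small policy engine, and then runs the kind of validation test cases the development phase above calls for, so that a defined control can be checked against the outcome it was designed to produce. Every user, role, resource and action in it (the backup operator, the payment requester and approver, and so on) is a constructed, hypothetical value; the permission vocabulary is the paper's own file, program and data rights.

```python
# Added example (not from the paper or any cited source). A small policy
# engine that implements least privilege and separation of duties, plus the
# validation test cases the paper says should accompany defined controls.
# Every user, role, resource and action below is a constructed value.
from collections import defaultdict

# Permission vocabulary from the paper: file permissions, program
# permissions and data rights. Anything outside it is rejected outright.
FILE_PERMS = {"create", "read", "edit", "delete"}
PROGRAM_PERMS = {"execute"}
DATA_PERMS = {"access", "update"}
ALL_ACTIONS = FILE_PERMS | PROGRAM_PERMS | DATA_PERMS

# Least privilege: each role carries only the (resource, action) pairs its
# assigned function needs. The backup operator can run the backup program
# and read the file server, but holds no right to install software.
ROLES = {
    "backup_operator": {("backup_app", "execute"), ("file_server", "read")},
    "software_installer": {("installer", "execute"), ("file_server", "create")},
    "payment_requester": {("payments_db", "update")},
    "payment_approver": {("payments_db", "access"), ("approval_app", "execute")},
}

# Separation of duties (static form): role pairs one person may not hold
# together, because they are distinct steps of a single process.
CONFLICTING_ROLES = [frozenset({"payment_requester", "payment_approver"})]


class PolicyViolation(Exception):
    """Raised when an assignment or action would break a principle."""


def assign_role(user_roles, user, role):
    """Grant a role, refusing any grant that would create a conflicting pair."""
    if role not in ROLES:
        raise PolicyViolation(f"unknown role {role!r}")
    held = user_roles[user] | {role}
    for pair in CONFLICTING_ROLES:
        if pair <= held:
            raise PolicyViolation(
                f"{user} may not hold both {' and '.join(sorted(pair))}")
    user_roles[user].add(role)


def is_permitted(user_roles, user, resource, action):
    """Default deny: allow only if a held role grants exactly this pair."""
    if action not in ALL_ACTIONS:
        return False
    return any((resource, action) in ROLES[r] for r in user_roles[user])


def approve_payment(user_roles, requester, approver):
    """Separation of duties (dynamic form): the two steps of one process must
    be performed by distinct users, each holding the right for their step."""
    if requester == approver:
        raise PolicyViolation("requester may not approve their own request")
    if not is_permitted(user_roles, requester, "payments_db", "update"):
        raise PolicyViolation(f"{requester} lacks the right to request")
    if not is_permitted(user_roles, approver, "approval_app", "execute"):
        raise PolicyViolation(f"{approver} lacks the right to approve")
    return True


def run_security_tests(user_roles, cases):
    """Validation cases of the kind the paper calls for in the development
    phase. Each case is (user, resource, action, expected); the result lists
    the cases whose outcome differs from what the control was designed to do."""
    failures = []
    for user, resource, action, expected in cases:
        got = is_permitted(user_roles, user, resource, action)
        if got != expected:
            failures.append((user, resource, action, expected, got))
    return failures


def build_sample_org():
    """Constructed sample organization used by the demonstration below."""
    user_roles = defaultdict(set)
    assign_role(user_roles, "alice", "backup_operator")
    assign_role(user_roles, "bob", "software_installer")
    assign_role(user_roles, "carol", "payment_requester")
    assign_role(user_roles, "dave", "payment_approver")
    return user_roles


# Constructed test cases: what each control is expected to allow or deny.
SAMPLE_CASES = [
    ("alice", "backup_app", "execute", True),     # within assigned function
    ("alice", "installer", "execute", False),     # beyond it: least privilege
    ("alice", "file_server", "delete", False),    # read granted, delete is not
    ("bob", "installer", "execute", True),
    ("carol", "payments_db", "update", True),
    ("carol", "approval_app", "execute", False),  # requester cannot approve
    ("nobody", "file_server", "read", False),     # unknown user: default deny
]

if __name__ == "__main__":
    org = build_sample_org()
    print("failed cases:", run_security_tests(org, SAMPLE_CASES))
    print("approval by distinct users:", approve_payment(org, "carol", "dave"))
    try:
        assign_role(org, "carol", "payment_approver")
    except PolicyViolation as exc:
        print("refused:", exc)
```

The engine is deny-by-default, so a user with no roles, or an action outside the paper's permission vocabulary, is never permitted; the separation-of-duties rule is enforced both when roles are assigned (no one may hold requester and approver together) and when the process runs (the approver must differ from the requester). An empty list from `run_security_tests` means every defined control behaves as its test case expects, which is the evidence the accreditation step would look for.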
Works Cited
Sandhu, R., and P. Samarati. "Access Control: Principles and Practice." IEEE Communications Magazine, n.d., pp. 40-48.
Srinivasan, M. CISSP in 21 Days. Packt Publishing, 2009.
Zheng, J., and Q. Zhang. "Dynamic Role-Based Access Control Model." Journal of Software, vol. 6, no. 6, 2001, pp. 1096-1102.