Free Using Roles Paper Essay Example

Type of paper: Essay

Topic: Role, Control, System, Information, Organization, Management, Security, Trust

Pages: 4

Words: 1100

Published: 2020/11/01

This paper elaborates on better ways of controlling user access to data according to the role played by the user in an organization. It also discusses the value of using roles to segregate the data and system access needs of individuals in an organization. It then gives a detailed description of why a role-based access control (RBAC) system can be the best way of accomplishing this, and finally discusses how to handle distributed trust management issues for users going to or from business partner networks.
Separation of duties in an organization is very valuable: it reduces the organization's exposure to conflicts of interest and fraud. It also ensures that critical business functions do not rely on a single individual. A role-based access control system has built-in support for separation of duties. Roles determine the operations a user can and cannot perform. A policy can be enforced stating that a role cannot be both an approver and a purchaser of the same product, or that an individual implementing a change on the firewall cannot audit the same change. Role-based access control supports two types of duty separation: Dynamic Separation of Duties (DSD) and Static Separation of Duties (SSD). SSD defines mutually exclusive role memberships. For instance, a role-based access control system ensures that users cannot be members of both the approving role and the purchasing role. This is how it ensures that the same individual cannot both make a purchase and approve it. DSD allows the same individual to hold the purchasing role and the approving role at the same time, but prohibits them from approving a purchase they made themselves. Another instance is restricting an individual who changed the firewall configuration from auditing and approving the same changes (Security Laboratory, 2012).
Separation of duties is a crucial security principle which holds that no single user should have enough capability to make substantial errors or to misuse his or her privileges. A user acting alone on his or her own knowledge should not have the power to cause damage. Separating roles across different locations and departments helps to reduce this fundamental threat. Although separation-of-duties constraints have been incorporated into information systems, users under pressure are always looking for ways to obtain authorizations. Wherever duties are hard to segregate, other mechanisms should be used, such as audit trails and activity monitoring. It is crucial that the security audit remains impartial.
Using roles to segregate the data and system access needs of individuals in an organization is very valuable. Segregation of duties is the separation of incompatible duties that would otherwise allow an individual to commit and conceal fraud, resulting in misstatement or financial loss to the company. Segregation of duties may be within the infrastructure or within an application. Segregation reduces the risk of inappropriate actions and mistakes because no individual is responsible for more than one related function. Segregation also provides necessary oversight among functional groups in an organization. It also helps in combating fraud by discouraging collusion, and makes environment management more compliant, effective, and consistent. Network segmentation is the most effective control that the organization can implement to mitigate the second stage of a network intrusion: lateral movement, or propagation. If correctly implemented, it makes it very difficult for a malicious cyber adversary to both locate and gain access to the company's most sensitive information. Network segregation and segmentation also help the organization to detect and respond to an intrusion. Network segregation is very important in implementing workforce mobility and a secure bring-your-own-device strategy, because it allows a compromised or potentially compromised device to be better isolated from the network's key information.
A role-based access control (RBAC) system is the best way to accomplish this, since it provides an organization-wide control method for managing Information Technology (IT) assets while still sustaining a high level of security. Role-based permissions can be added and quickly updated across multiple applications, systems and a wide range of sites. Role-based access control is a control method implemented by organizations to make sure that data is accessed only by authorized users. In contrast to other control methods, RBAC assigns users particular roles and grants permissions to each role depending on the job requirements of the user. Several roles can be assigned to a user so that he or she can conduct daily tasks. RBAC implementation has some challenges: it takes effort and time to determine which permissions to assign to each role. A static template for rolling out a role-based access control system is not applicable to all organizations, since business needs differ.
Although implementing RBAC has some challenges, it has many benefits. The system administration burden can be greatly decreased. For instance, when a job position changes in a non-RBAC environment, the system administrator must modify the user's access at the object level. An RBAC implementation only requires that the user be assigned a different role, which grants him or her the authority to complete the new job. That is why RBAC is known as an appropriate practice for setting these kinds of controls. RBAC has built-in support for separation of duties. Role-based access control supports two types of duty separation: Dynamic Separation of Duties (DSD) and Static Separation of Duties (SSD). SSD defines role memberships that are mutually exclusive. DSD allows an individual to hold the purchasing role and the approving role at the same time, although they are prohibited from approving their own purchase (Security Laboratory, 2012).
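The two kinds of duty separation can be compared side by side in a short added example, which is not part of the original essay. It implements DSD the way the essay describes it (both roles may be held, but not used by the same person on the same object); the users, roles, permissions and purchase-order id are constructed.

```python
# Added illustration: users, roles, permissions and object ids are constructed.
class SoDViolation(Exception):
    """Raised when a separation-of-duties constraint would be broken."""

ROLE_PERMS = {                      # role -> permissions granted by that role
    "purchaser": {"purchase:create"},
    "approver": {"purchase:approve"},
}

class RBAC:
    def __init__(self, ssd=(), dsd=()):
        self.ssd = [frozenset(p) for p in ssd]  # roles never held by one user
        self.dsd = [frozenset(p) for p in dsd]  # roles never used by one user on one object
        self.roles = {}                         # user -> roles held
        self.history = {}                       # object -> {(role, user)} that already acted

    def assign(self, user, role):
        held = self.roles.setdefault(user, set())
        for pair in self.ssd:
            if role in pair and held & (pair - {role}):
                raise SoDViolation(f"SSD: {user} cannot hold {sorted(pair)}")
        held.add(role)

    def act(self, user, role, perm, obj):
        if role not in self.roles.get(user, ()) or perm not in ROLE_PERMS.get(role, ()):
            raise PermissionError(f"{user} may not {perm} as {role}")
        done = self.history.setdefault(obj, set())
        for pair in self.dsd:
            if role in pair and any((o, user) in done for o in pair - {role}):
                raise SoDViolation(f"DSD: {user} already acted on {obj}")
        done.add((role, user))
        return True

def blocked(fn, *args):
    """Return True if the call is refused by a separation-of-duties rule."""
    try:
        fn(*args)
        return False
    except SoDViolation:
        return True

if __name__ == "__main__":
    static = RBAC(ssd=[("purchaser", "approver")])
    static.assign("alice", "purchaser")
    print("SSD blocks second role:", blocked(static.assign, "alice", "approver"))
    dynamic = RBAC(dsd=[("purchaser", "approver")])
    for user, role in [("bob", "purchaser"), ("bob", "approver"), ("carol", "approver")]:
        dynamic.assign(user, role)
    dynamic.act("bob", "purchaser", "purchase:create", "PO-1")
    print("DSD blocks self-approval:", blocked(dynamic.act, "bob", "approver", "purchase:approve", "PO-1"))
    print("Other approver allowed:", dynamic.act("carol", "approver", "purchase:approve", "PO-1"))
```

Under SSD the conflict is caught once, at role assignment; under DSD it has to be checked on every action, which is why the per-object history is needed.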
Distributed trust management issues can be handled in different ways. As the complexity of sharing information with potentially many users increases, the need for a more comprehensive access authorization model has become apparent. Trust management has long been evolving as a method for handling this increased complexity. It uses some fundamental underlying concepts, which include a comparison structure to match the user with the role and the policy that distributes authorization and access rights, and a programming-language-based control structure for identity verification. Proper credentials verify that a request complies with the policy. In an accounting firm that covers a large geographical area, distributed trust management offers the level of complexity and security needed to ensure that appropriate access authorizations are maintained and that the authorized body is maintained. In a big enterprise, one governing entity can handle a considerable number of information requests. An independent application that verifies identities, handles requests, compares requests with policies and grants access is therefore necessary. Distributed trust management facilitates this kind of control over sensitive data (Blaze et al., 2000).
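The following added sketch, which is not from the original essay or from Blaze et al., shows such an independent checker deciding whether a credential issued by a business partner proves that a request complies with local policy. The partner name, key, roles and actions are hypothetical, and an HMAC over a shared key stands in for the public-key signature a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed values: partner name, key, roles and actions are hypothetical.
PARTNER_KEYS = {"partner-corp": b"demo-shared-key"}   # HMAC key stands in for a signature key
POLICY = {"partner-corp": {"ledger-reader"}}          # roles each partner may vouch for
ROLE_ACTIONS = {"ledger-reader": {"ledger:read"}}     # what each role permits locally

def _mac(key, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue(issuer, key, subject, role, expires):
    """Partner side: assert that `subject` holds `role` until `expires`."""
    body = {"issuer": issuer, "subject": subject, "role": role, "expires": expires}
    return {**body, "mac": _mac(key, body)}

def check(requester, action, cred, now):
    """Local side: return (allowed, reason) for a request backed by `cred`."""
    body = {k: cred.get(k) for k in ("issuer", "subject", "role", "expires")}
    key = PARTNER_KEYS.get(body["issuer"])
    presented = str(cred.get("mac")).encode()
    if key is None or not hmac.compare_digest(_mac(key, body).encode(), presented):
        return False, "unverifiable credential"
    if body["role"] not in POLICY.get(body["issuer"], ()):
        return False, "issuer not trusted for role"
    if body["subject"] != requester:
        return False, "credential issued to someone else"
    if not isinstance(body["expires"], int) or now >= body["expires"]:
        return False, "credential expired"
    if action not in ROLE_ACTIONS.get(body["role"], ()):
        return False, "action outside role"
    return True, "ok"

if __name__ == "__main__":
    key = PARTNER_KEYS["partner-corp"]
    good = issue("partner-corp", key, "dana@partner", "ledger-reader", 2000)
    print(check("dana@partner", "ledger:read", good, now=1000))
    print(check("dana@partner", "ledger:read", dict(good, role="approver"), now=1000))
    over = issue("partner-corp", key, "dana@partner", "approver", 2000)
    print(check("dana@partner", "purchase:approve", over, now=1000))
```

The third case is the one that matters for partner networks: the credential is genuine, but local policy does not let that partner vouch for the approver role, so the request is refused.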

Reference

Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A. (1999). The role of trust management in distributed systems security. Retrieved Feb 4, 215, from <http://cs-www.cs.yale.edu/homes/jf/BFIK-SIP.pdf>
