Access Control

Access Control

Name:

Institution:

Access Control

Access control assumes an imperative role specifically in the domain of information security. Accordingly, it involves the discriminatory prohibition of contact or entrance to a resource or place. Based on the limitations set, the activity of accessing may actually relate to utilizing, consuming, or entering. In this respect, authorization is required in order to enable access to a particular resource. Due to the variable nature of information security, different forms of access control exist. The first of these mechanisms comprises Discretionary Access Control (DAC) (Thion & Coulondre, 2006). The DAC mainly constitutes a policy decided upon by the proprietor of a device or object. The proprietor usually determines the person authorized or permitted to gain access to the respective object (Thion & Coulondre, 2006). In addition to this, the owner determines the rights that the individual or party possess concerning access to the object.  The second mechanism involves the Mandatory Access Control (MAC) (Thion & Coulondre, 2006). The MAC enables access to an object or resource as long as there are regulations that clearly give the user or party the right to gain permission to the resource. DAC can be ideal in situations involving the ownership of digital resources. Since the owner determines permission and restriction, this form of access control provides him or her with the capability to decide on this. Hence, in a situation involving the ownership of data and files, the owner can use the DAC to restrict unauthorized parties from accessing such resources. Despite its ease of implementation, the DAC may be unsuitable in scenarios whereby malicious programs such as Trojan horses are evident (Thion & Coulondre, 2006). Consequently, MAC is ideal in situations involving the protection of considerably sensitive information such as military and government data (Thion & Coulondre, 2006). However, this variant of access control may prove deleterious in a scenario whereby the implementer lacks the capability to cushion the management overheads that arise from the cost of planning, applying, and updating the system consistently.

Reference

Thion, R., & Coulondre, S. (2006). Integration of access control in information systems: From role engineering to implementation. Informatica, 30(1), 87-95.