
INFORMATION SECURITY

ASSIGNMENT-02

APRIL 12, 2023


AMAAN AHMAD – SP22/BCT/004
CYBER SECURITY 3RD SEMESTER

Discretionary Access Control: In this type of access control, the owner of a resource has
complete control over who can access that resource. In the COMSATS scenario, an example
of discretionary access control would be a faculty member deciding who can or who cannot
access their lecture notes or course materials.

Non-Discretionary Access Control: In this type of access control, the decision to grant
access to a resource is not based on the discretion of the owner. Instead, access is granted
based on some predefined rules or policies of the institution. An example of non-discretionary
access control in the COMSATS University scenario would be the security personnel at the
university entrance verifying the identity of visitors and allowing them access to specific
areas based on their visitor status. Another example could be the lecturer deciding who can or
who cannot attend the class lecture depending on whether the student is enrolled in that class.

Mandatory Access Control: In this type of access control, access is granted based on the
sensitivity of the resource and the security clearance level of the user. For example, in the
COMSATS University scenario, a research lab conducting sensitive experiments, projects, or
research might be accessible only to users with a high level of security clearance. Another
example could be that access to the CUI portal server is limited to a certain team.

Content-based Access Control: In this type of access control, access to a resource is granted
based on the content of the resource itself. For example, COMSATS University might use
content-based access control to control access to specific pages within an online textbook,
based on the student's current course enrolment or current chapter of study. Another example
could be that the students are not allowed to access the faculty portal.

Role-Based Access Control: In this type of access control, access to resources is granted
based on the user's role in the organization. For example, in the university scenario, a faculty
member might have access to course materials, the tools for entering student marks and
attendance, etc., while a student might have access to their academic records only.

Rule-Based Access Control: In this type of access control, access to resources is granted
based on the predefined rules of the organization. For example, COMSATS might implement
rule-based access control to restrict access to the university's computer lab, library, café,
classrooms, etc. during non-business hours.

Risk-Based (Adaptive) Access Control: In this type of access control, access is granted
based on the level of risk associated with the resource and the user. For example, COMSATS
might use risk-based access control to limit access to sensitive data such as student records,
faculty records, financial information, security plans, research papers, etc. based on the user's
location or device used to access the data.
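
The discretionary, mandatory, role-based, rule-based and risk-based models described above, as an added example that is not part of the original assignment: each model is a separate check over the same request, and `denied_by` reports which of them would refuse it. The user names, labels, role permissions, business hours and risk threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Every name, label, role and threshold here is constructed for illustration.
LEVELS = {"public": 0, "internal": 1, "restricted": 2}
ROLE_PERMS = {"faculty": {("course_material", "read"), ("marks", "write")},
              "student": {("academic_record", "read")}}

@dataclass
class User:
    name: str
    role: str
    clearance: str = "public"

@dataclass
class Resource:
    kind: str
    owner: str
    label: str = "public"
    acl: set = field(default_factory=set)  # DAC: users granted by the owner

def dac(user, res):  # the owner, or anyone the owner listed, gets in
    return user.name == res.owner or user.name in res.acl

def mac(user, res):  # system-enforced: clearance must dominate the label
    return LEVELS[user.clearance] >= LEVELS[res.label]

def rbac(user, res, action):  # permission follows the role, not the person
    return (res.kind, action) in ROLE_PERMS.get(user.role, set())

def rule_based(now, opens=time(8, 0), closes=time(17, 0)):  # same rule for all
    return opens <= now < closes

def risk_based(res, on_campus, managed_device, threshold=2):
    # Context adds risk; a more sensitive label leaves less room for it.
    risk = (0 if on_campus else 2) + (0 if managed_device else 1)
    return risk + LEVELS[res.label] <= threshold

def denied_by(user, res, action, now, on_campus, managed_device):
    """Return the models that would refuse this request (empty list = allowed by all)."""
    checks = {
        "dac": dac(user, res), "mac": mac(user, res),
        "rbac": rbac(user, res, action), "rule": rule_based(now),
        "risk": risk_based(res, on_campus, managed_device),
    }
    return [model for model, ok in checks.items() if not ok]

# Constructed sample: a lecturer's notes shared with one student by the owner.
NOTES = Resource("course_material", "lecturer_a", "internal", {"student_a"})
```

A student the owner has shared the notes with passes the discretionary check but is still refused by the role-based one, which is the practical difference between an owner's grant and an institutional policy.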

SUBMITTED TO DR. MUNAM ALI SHAH INFORMATION SECURITY
