Each response to a single essay question should be about a half-page in length (about 150 words).
1. Access controls are security features that are usually considered the first line of defense in asset protection. They are used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. Access control models are frameworks that use access controls to enforce the rules and objectives of the model. In your essay response, compare the different Access Control Models and give an example of one that you have used in a work situation or if that is not possible, one that you’ve read about in a scholarly article.
2. Relying on a password to secure access to a system does not provide enough security in today’s complex world. The Office of Personnel Management learned this the hard way in 2015. Since OPM was hacked and it was learned that the attackers compromised their system administrator accounts that were protected only with passwords, the Federal government has required the use of multifactor authentication for privileged accounts. Describe the three factors that can be used in authentication and give at least two examples for each.
3. There are two main methods of access control administration that an organization can choose between to achieve the level of protection that they need to secure their assets and information: centralized and decentralized. Describe the RADIUS, TACACS, and DIAMETER forms of centralized access control administration. What are the advantages and disadvantages of decentralized administration.