Develop a role-based access control (RBAC) matrix for user access control.
Overview
In this exercise, you will develop a role-based access control (RBAC) matrix for user access control. RBAC matrices, as a security architecture concept, are a way of representing access control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control objectives. Matrices also help show when access controls may conflict with job roles and responsibilities. When you are completing this type of task, there are a few questions you should always be thinking about:
Who gets to log into the system?
Who gets to view what?
What kind of data are you dealing with (basic data vs. information subject to privacy controls)?
Who gets to add or delete? Who is view-only?
Who should not have permission?
An example of an RBAC matrix can be found in Chapter 6 of your course textbook.
Scenario
You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient medical files. There are six individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to set up the RBAC matrix to:
Ensure individuals have access to necessary information for their job role
Maintain patient privacy by adhering to the Fundamental Security Design Principle of least privilege (i.e., business need-to-know)
The following SaaS application parameters need to be determined:
Access to patient information
Access to employee information
Access to the SaaS
Access to backup logs
See the User Job Roles and Characteristics table below for information on the users, their roles in the organization, and their job descriptions.
Users | Job Roles | Job Characteristics
Norman | Remote call-center employee
  Has the ability to log into the medical SaaS as an employee, and has remote access to employee machines for the purpose of fixing or diagnosing computer issues
  Has the ability to create user accounts and assign passwords
  Has no right to view patient information
  Has the ability to view the backup logs for important system information
Ryhead | Sales representative for the healthcare firm
  Has access to the software but only for showing potential new customers
  Has the ability to create dummy user accounts for demo purposes
  Has no ability to modify any patient information, and can only show screens for demo purposes
  Has no access to the backup logs
Simone | HR representative for the healthcare firm
  Has the ability to log into the system
  Has no abilities with user accounts
  Has access to the software and employee records but should have no access to patient information
  Has no access to the backup logs
Janet | Application administrator for the SaaS application
  Has full access to software, has the ability to change or modify settings in the system as needed, and has the ability to provide an override code
  Has the ability to view, create, modify, and delete user accounts
  Has no rights to change patient information
  Has the ability to view, modify, and delete backup logs for the SaaS
Dale | Nurse
  Has access to the system for patient information
  Has no abilities with user accounts
  Has the ability to view, create, and modify patient information, but does not have the right to delete patient information without an override code
  Has no access to backup logs
Ethan | Auditor
  Has the ability to log into the system but can only view information
  Has no abilities with user accounts
  Has no ability to create, modify, or delete patient information
  Has the ability to view backup logs
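Once the matrix is written down as data, the stated permissions can be checked mechanically. The following is an added example, not part of the assignment or its template: it encodes one reading of the Job Characteristics as a default-deny lookup and models Dale's override-gated delete. The resource names (patient_info, user_accounts, backup_logs) and the override flag are assumptions of this sketch.

```python
# Added example: the scenario's stated permissions as a default-deny matrix.
# Resource names and the override flag are assumptions of this sketch.
ACTIONS = ("view", "create", "modify", "delete")

# Cells read from the Job Characteristics; anything absent means "none".
MATRIX = {
    "Norman": {"user_accounts": {"create"}, "backup_logs": {"view"}},
    "Ryhead": {"user_accounts": {"create"}},  # dummy demo accounts only
    "Simone": {},  # employee-record access level is not stated on the page
    "Janet": {"user_accounts": {"view", "create", "modify", "delete"},
              "backup_logs": {"view", "modify", "delete"}},
    "Dale": {"patient_info": {"view", "create", "modify"}},
    # "can only view information" is read here as view on patient_info
    "Ethan": {"patient_info": {"view"}, "backup_logs": {"view"}},
}

# Actions granted only when an override code has been supplied.
OVERRIDE_REQUIRED = {("Dale", "patient_info", "delete")}


def is_allowed(user, resource, action, override=False):
    """Default deny: permit only what the matrix or an override grants."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    if action in MATRIX.get(user, {}).get(resource, set()):
        return True
    return override and (user, resource, action) in OVERRIDE_REQUIRED


def cell(user, resource):
    """Render one matrix cell using the actions named in the prompt."""
    granted = MATRIX.get(user, {}).get(resource, set())
    return ", ".join(a for a in ACTIONS if a in granted) or "none"


def who_can(resource, action):
    """List users holding an action on a resource, for privilege review."""
    return sorted(u for u in MATRIX if is_allowed(u, resource, action))


if __name__ == "__main__":
    for user in MATRIX:
        print(user, {r: cell(user, r) for r in
                     ("patient_info", "user_accounts", "backup_logs")})
    print("can delete backup logs:", who_can("backup_logs", "delete"))
```

Listing who holds modify or delete on a sensitive resource, as who_can does, is a quick way to spot cells worth questioning under least privilege.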
Prompt
Specifically, you must address the critical elements listed below:
RBAC Matrix: Populate the RBAC matrix in the Module Four Activity Template using one or more of the necessary actions (view, create, modify, delete, none).
Essential Questions: Answer the following short response questions based on your populated table in the template:
What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the characteristics in the scenario table above, and consider the characteristics that may be contradictory.)
What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.
What to Submit
Submit the completed RBAC matrix and short response questions in the Module Four Activity Template. You may also submit this activity in your own Microsoft Word document, but your submission must contain the same elements as the template. Your submission should be 1–2 pages in length (plus a cover page and references, if used) and written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. The file name should include the course code, assignment number, and your name—for example, CYB_200_Module_Four_Activity_Neo_Anderson.docx.
Module Four Activity Rubric
Criteria | Proficient (100%) | Needs Improvement (65%) | Not Evident (0%) | Value
RBAC Matrix | Completes 21 or more cells of the RBAC matrix accurately | Completes fewer than 21 cells of the RBAC matrix accurately | Does not complete any of the RBAC matrix cells accurately | 65
Least Privilege | Describes changes that can be made to the user roles through implementation of least privilege that would better support the security design principle | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 15
Importance of Tool | Explains the importance of the tool to a security analyst in managing and protecting the environment, and provides an example | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 15
Articulation of Response | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 5
Total: 100%
Requirements: complete attached template (1-2 pages)
