There are six questions. Each question needs a response of 200 words and one source. Please number the answers as
they go with the questions.
1. What are the main goals of access control and what are the best practices recommended to help in achieving them.
2. Identify the Information and Access Management Technologies and describe one that you are familiar with either from
your own experience or give an example of one that you’ve read about
3. In your own words, describe the concept of ring protection. What is the difference between Layering and data hiding?
4. Access controls are security features that are usually considered the first line of defense in asset protection. They are
used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. These
controls can be administrative, physical, or technical in nature and should be applied in a layered approach, ensuring that
an intruder would have to compromise more than one countermeasure to access critical assets. Explain each of these
controls of administrative, physical, and technical with examples or realworld
applications.
5. Access control defines how users should be identified, authenticated, and authorized. These issues are carried out
differently in different access control models and technologies, and it is up to the organization to determine which best fits
its business and security needs. Explain each of these access control models with examples of realworld
applications.
6. The architecture of a computer system is very important and compromises many topics. The system has to ensure that
memory is properly segregated and protected, ensure that only authorized subjects access objects, ensure that untrusted
processes cannot perform activities that would put other process at risk, control the flow of information, and define a
domain of resources for each subject. It also must ensure that if the computer experiences any type of disruption, it will not
result in an insecure state. Many of these issues are dealt with in the system’s security policy, and the security model is built
to support the requirements of this policy. Given these definitions, provide an example where you could better design
computer architecture to secure the computer system with real world
applications. You may use fictitious examples to
support your argument.
[end]