1. Introduction
The current technological landscape consists of swiftly developing information and communications technologies. This has heightened the issues related to the security of the information stored on such technological devices (Ghazal et al., 2019). As a result, previous studies have debated the most suitable approach for enhancing the security of these systems (Metoui, 2018; Ghazal et al., 2019). One such security measure is the use of access control methods and infrastructures as solutions for information systems and multi-domain shared decentralised network infrastructure. Access control systems offer a suitable measure for controlling the communication between diverse systems or users within an organisation (Atlam et al., 2020). According to Ghazal et al. (2019), an efficient information security approach will determine which users can gain access to certain information.
Access control measures could aid in ensuring that only authorised personnel can access an organisation’s information systems and prevent cybersecurity attacks that can result in major adverse impacts on both businesses and individuals (Ghazal et al., 2019). Furthermore, they would prevent unauthorised access to both stored and transmitted information. In particular, given the dynamic organisational relationships found in multi-dimensional settings such as cloud computing systems, it is important that users’ privileges and functions are defined. Also, users should be given access privileges based on their roles and the level of access required to conduct their daily tasks (Ghazal et al., 2019). This highlights the significance of access control measures for effective information security. This paper examines the three major access control security measures. It also assesses the effectiveness of these measures for information security.
2. The Features of Access Control Security Measures
2.1 Traditional Access Control Methods
Traditional access control methods use inflexible and programmed guidelines to define access privileges. The inflexible guidelines offer similar decisions, regardless of the specific information system infrastructure or organisational setting. Traditional access control measures were previously effective in diverse organisation settings; however, such measures are intended to support a relationship between the information related to an access control logic and a data or system that needs to be accessed (Atlam et al., 2020). Atlam et al. (2020) add that generally, the deployment of an access control method is often vulnerable to exploitation. For instance, there could be an unforeseen condition that would require a change in access privileges, or an organisation could have inadequately prepared access guidelines. Thus, though traditional access control methods offer certain benefits, they also have certain challenges. One such challenge is that these methods cannot manage unforeseen events, as they are developed using inflexible and predetermined guidelines (Metoui, 2018).
As a result, such inflexible methods are not considered suitable security measures for dynamic and decentralised systems like the Internet of Things and cloud computing applications. Decentralised information systems require flexibility regarding access privileges to system resources. According to Atlam et al. (2020), traditional access control methods are more suitable for other more centralised settings that do not require dynamic access controls. Examples of traditional access control methods include the Mandatory Access Control (MAC) and Discretionary Access Control (DAC) methods. DAC is developed for multiple-user information systems, and it allows access to information systems based on a user’s identity as well as the application of open guidelines. Thus, a system’s owner can enable access to all their users or only a portion of users (Atlam et al., 2020). On the other hand, considering MAC methods, the degree of sensitivity of each device is used to classify information systems into various sensitivity classes. Each device is allocated a label that determines how sensitive it is, and each device has a label that defines which users can access it (Bugiel et al., 2013).
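The contrast between DAC and MAC described above can be made concrete with a short added example (not part of the original paper). It evaluates the same read request under an owner-managed access list and under a system-assigned sensitivity label; the user names, the three sensitivity classes and the rule that a user's clearance must be at least the resource's label are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):                 # constructed sensitivity classes
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2

@dataclass
class Resource:
    name: str
    owner: str
    label: Level                              # MAC: set by the system, not the owner
    acl: set = field(default_factory=set)     # DAC: users the owner has granted

def dac_grant(res, actor, user):
    """DAC: only the owner may extend access, at their own discretion."""
    if actor != res.owner:
        raise PermissionError(f"{actor} does not own {res.name}")
    res.acl.add(user)

def dac_allows(res, user):
    """DAC decision: identity is the owner or appears on the owner's list."""
    return user == res.owner or user in res.acl

def mac_allows(res, user, clearances):
    """MAC decision: clearance must be at least the label (assumed rule)."""
    return clearances.get(user, Level.PUBLIC) >= res.label

def decide(res, user, clearances):
    """Return (DAC decision, MAC decision) for the same read request."""
    return dac_allows(res, user), mac_allows(res, user, clearances)

# Constructed sample data: alice owns a SECRET report and shares it with bob.
CLEARANCES = {"alice": Level.SECRET, "bob": Level.INTERNAL, "carol": Level.SECRET}
report = Resource("payroll-report", owner="alice", label=Level.SECRET)
dac_grant(report, "alice", "bob")

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, decide(report, user, CLEARANCES))
```

Bob shows the DAC weakness (the owner's grant is enough even though his clearance is too low), while carol shows the MAC rigidity (she is cleared, but no owner action is involved in that decision at all).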
A more developed traditional access control method is the role-based access control method. The notion of role-based access control (RBAC) started with the introduction of multiple users and multiple applications on computer systems during the 1970s (Sandhu et al., 1996). Particularly, RBAC enables the distribution of privileges that are related to users’ roles. This aids in streamlining the management of privileges and authorisations. Recently, there has been an increase in the use of RBAC for information systems and networked computer systems. According to Rhode