Submit your responses to the following questions in APA6 report format. Please keep in mind the point weight for the questions – one-line, short paragraph and non-relevant answers will not get ANY points.

1)    Access Control [20 points – 5 points each]

a)     Describe what an access control list is.

b)    Explain how UNIX permissions can be regarded as access control lists.

c)     Describe capability-based access control.

d)    Contrast access control lists and capability-based access control.

2)    Cloud security [20 points] Describe the mechanisms and protocols used by the Trusted Third Party method of cloud security to provide confidentiality, integrity, and authenticity.

3)    IS Management [20 points] Describe the conclusions reached by Soomro et al. with respect to information security management. What relationship should the technical, management, and human dimensions have? Whose responsibility is information security in an organization?

4)    Design Principles [40 points – 5 points each] – In their seminal 1975 paper, Saltzer and Schroeder articulated eight principles for “The Protection of Information in Computer Systems”. These principles are:

A.    Least Privilege

B.    Fail-safe Defaults

C.    Economy of Mechanism

D.    Complete Mediation

E.    Open Design  

F.     Separation of Privilege

G.    Least Common Mechanism

H.    Psychological Acceptability

Give a short description of each of the principles.  the statements in the paper – there need to be explanations in your own words, with examples provided to demonstrate your understanding.
