Application Security: Access Control System Analysis Report

Verified

Added on 2021/05/31

AI Summary

This report focuses on application security, specifically addressing access control mechanisms. It defines access control as a crucial security approach to manage resource usage and access within a computing environment. The report details access control systems, including authentication methods like PINs, passwords, and biometrics, emphasizing the significance of preventing unauthorized access to sensitive business information. It outlines the steps for modifying or creating access controls, considering user accessibility and security. The report further discusses the use of key cards and two-factor verification, highlighting the importance of authentication factors. It covers access control models, including subjects, objects, and access control lists (ACLs). The report then provides a practical guide to implementing access control for Ken 7 Windows Limited, outlining steps for setting up, modifying, and removing user permissions. It details the scope, impact, and evaluation of changes, as well as the process for undoing changes, ensuring all modifications are logged for security reasons. References to patents and research papers are also included to support the discussion.

Running header: APPLICATION SECURITY 1
Application Security
Name
Institution
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Access control, a security approach that might be applied to control what or/and who
might use or view resources within a computing setting. Access control systems perform access
approval, endorsement identification, accountability, as well as certification of entities thru login
identifications including PIN (personal identification number), password, electronic or physical
keys and biometric scans. Access controlling is a significant part of safety in all business
settings. It make sure that sensitive information about the business is prevented being accessed
by unauthorized persons and ensuring that internal materials remain internal and are not
circulated to unauthorized persons. When setting processes up for modifying or creating access
controls one must consider the king of persons who will implement these approaches. One might
be required to apply simplified approaches to let users’ easy accessibility to correct, delete or add
details. In addition the process should be intricate enough so that unauthorized users might not
gain access and alter material (Ermagan et al., 2015). Proper processes make sure that systems
are not at risk or destroyed due to miss-management of accessibility or simple mistakes.
For instance, key cards can act as access controls and offer the users access to the classified
areas. Since this document can be stolen or even transferred, it might not be a secure method to
handle access control.
A much safe approach to access control comprises two-factor verification. The
individuals who need to access should produce credentials as well as another factor to validate
personality (Mendelev et al., 2013). The other factor might be bio metric readings, access codes,
or PINs.
Three factors are there, that might be applied for authentication:
1. Something that only the user who know about it, like a PIN or password

2. Body parts of the users, like retina scans fingerprints, or other biometric measurements
3. Something belonging users, like keys or cards
For computer safety, access control comprises authentication, audit as well as
authorization of the person trying to access. Accessibility control models contain an object and a
subject. The subjects which are the human users represent the one attempting to access into the
object which generally is the software. In a computer system, access control list is the list of
authorizations as well as the users who the authorizations apply to (Madou et al., 2013). This
type of data might be viewable to certain individuals and not others and is regulated through
access control. It allow administrators to protected information as well as setting privileges
concerning, what data can be viewed, who can view it as well as the time it may be viewed.
Access control acts as a method of regulating accessibility to virtual or physical resources or a
system. When computing, access control acts as a process through which a user is granted access
as well as certain privilege to the resource, system, or data. In the access control structures, users
should produce identifications before they are granted accessibility. In physical system, the
credentials might be of many types, however credentials that might not be transferred offer the
best security.
The Ken 7 Windows Limited Staffs ought to have a list which comprises permissions as
well as the people to whom the authorizations apply. Only permitted admins have the capacity to
change this information.
Steps to meet each one of the necessities:
1. Setting or status before change

Starting menu, Open forms for the Access Control, access with requisite identifications of
admin as well as select manages the access controller list or even manage users. It will let the
Company’s admins to view the current setting of access control lists: list of authorizations as
well as the people to whom the authorizations work. It will as well bring the managements to the
point where they should be to execute any alterations.
2. Reason for Changes
The aim for alteration could be
1.) Another user requires to be included to a certain access controller list to let them gain access
to particular information, hence are in a position to perform their job
2.) modify/edit the permissions provided to a current user because of various motives like
promotions
3.) Remove a user from access control group because of several reasons such as death or when
fired
3. Changes to be implemented:
Start, login as Admins, Open form, manage users or select manages the accessibility
control list. Adding a new user to the controller list, adding user, follow reminders to add users,
right click group, then click add user, follow reminders to include user to the group. modifying
the record of authorizations of the user, select modify/edit list of authorizations for the current
users, go through prompts for modifying user, then right-click user, follow prompts in order to
modify the permissions that required to be adjusted to the present user by deselecting/selecting

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

the permissions accessible (Sinha et al., 2014). To remove any user from access control list,
follow steps to delete users, right click the present user then delete from the controller group.
4. Scope of the change
Logging out of admin. Log into user, test access the group detail and add as well as
change abilities (Sinha et al., 2014). The list of alterations executed to user(s) among the access
controller collection are logged into a read-only log file alongside the time stamps as well as the
admin who effected the changes that might be accessed by admin only
5. Impact of adjustment:
Impact of adjustment either modifies the kind of access or adds the access or rejects access to
the user.
6. Setting or Status after changes:
One back thru similar way he/she accessed data like the admin as well as checking the
information entered.
7. Evaluating the change
Yet again Ken 7 Windows Limited Workers might view thru admin. Or, might log out as
well as viewing by looking through users authorizations to check as well as making sure that
denies and access was executed correctly (Sinha et al., 2014).
8. Undoing a change
Starting, Opening form, access as admin, clicking undo earlier change. The system
accesses read-only log file (that keeps the time stamp as well as list of changes on equivalent
users) and shows the corresponding users done and the modifications through descending orders

of time stamp (Sinha et al., 2014). The admin might select the changes one after the other or
through picking the user whose changes were done hence selecting complete list of changes
about the user. After selecting, the admin might undo the changes by keying in undo icon on the
forms. These undo changes will also be recorded into the read-only log files. For safety reasons,
the log file might as well be encrypted.

References
Ermagan, V., Nellikar, S., Rao, S. K. S., Maino, F. R., & Menarini, M. (2015). U.S. Patent No.
8,949,931. Washington, DC: U.S. Patent and Trademark Office.
Madou, M., Chess, B. V., & Fay, S. P. (2013). U.S. Patent Application No. 13/331,815.
Mendelev, K., Ragoler, I., Chess, B. V., Firestone, S. J., & Kfir, Y. (2013). U.S. Patent
Application No. 13/331,777.
Sinha, A., Sutton, M. A. W., & Devarajan, S. (2014). U.S. Patent No. 8,763,071. Washington,
DC: U.S. Patent and Trademark Office.