application security 120

Please provide the replies for the following posts:

Reply 1 Anunay:

Most organizations or institutions have different access control policies and procedures that are implemented to address the responsibilities and roles of different management commitments of that given organization (Solomon, 2019). Such controls are intended to give effective directions on security controls and the enhancement of accessibility to organization staff. Access control implementations in a government agency versus a typical information technology company do not differ, since access control procedures in both institutions are almost the same.

Both framework policies have one goal: to achieve security policy such as information security and trust in their systems for the interested parties. Mostly, this means confidentiality in terms of who gets to access the information, integrity in that authorized persons are the only ones to change specific information and programs, and availability in terms of information and resources being accessed by authorized users as a continuous exercise (Solomon, 2019). All the above requirements are practiced by both government agencies and information technology companies.

Access controls differ among private industries such as retail, banking, and manufacturing. When we look at retail versus banking, they differ in how they exercise their security policies and they always take in terms of who pays them (Solomon, 2019). Public or retail is paid by tax dollars and should be accountable to the tax-paying citizens, while banking is entirely paid by the company or business and the security policies are mainly or strictly to the enforcement laws of that given company. Public is a bit traditional and is taken to be unreactive and non-operational due to the way they handle crowds or serve everyone; hence it makes security controls less of a concern (Solomon, 2019). Another difference comes in on stationary power where retail security acts in full authority and it is an arm of government while private such as banking tend not to have power to the public rather than private citizens.

Reply 2 prasanth:

Access controls are implemented differently in government agencies versus typical organizations. Government agencies and typical organizations have different compliance requirements and different information technology security levels; thus they have to use different ways to implement their control systems. For instance, a government agency needs to implement mandatory access control (MAC), where the access permissions are controlled by a central authority depending on the level of security. The classifications are usually assigned to computing resources, and the security kernel allows or disallows computing objects depending on the information security of the device or user. Contrary, a typical organization uses a normal to implement the access control system where the discretionary access control (DAC) where the administrator sets policies of the people authorized to access the system.

Access control systems differ among the private industries due to the different nature of their businesses. Some industries like banking deal with sensitive and confidential and may consider using complex types of access control. On the other hand, manufacturing industries handle basic roles with their access control systems and will consider less complicated systems that they can utilize well. Discretionary access control (DAC) is considered simple to use and can handle the basic application, hence it can be used in manufacturing industries that do not handle sensitive information (Davis, 2018). Banking and financial industries that handle confidential information will consider rule-based access and mandatory access systems.

Can you please answer the following questions?

Lab Assessment Questions:

1. What does ACL stand for and how is it used?

2. Why would you add permissions to a group instead of the individual?

3. List at least three different types of access control permissions you can enable for a file using icacls.exe.

4. Which access control permissions allow you to change files and/or folders?

5. If you don’t remember the syntax when using icacls.exe, what command do you type to see the options?

6. Without using the icacls.exe tool, how could you view and modify the privileges of the files or folders of a shared drive?

7. Where do permissions modified using the icacls.exe tool appear in the folder Properties?