Question

HIPAA security, physical safeguard

Give examples of the following:

1) user-based access control

2) role-based access control

3) context-based access control

Solutions

Expert Solution

An access control specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. When a subject requests an operation on an object in an access control-based security model, the operating system first checks the access control for an applicable entry to decide whether the requested operation is authorized.

1. User-based access control:

This type of access control can be provided to an individual user. It is a method of securing software and its features at the individual level. It does not have predefined roles; access is applied to the user according to the policy standard, and it is used because it is risk-free. The most basic form of user-based access is a simple login and password combination that either grants or denies access.

Ex: In a web application we have an employee and a manager. The manager can send some medical documents, and these medical documents can be read by the employee, but he cannot rewrite a document. If any correction is needed, he has to give a request to the manager to rewrite the document. This way the processes are monitored and are more dynamic than static, predefined roles in healthcare.

2. Role-based access control:

Role-based access systems are used to give the user a particular role when they access the system. The system is responsible for displaying only the data that he or she is allowed to access.

Ex: A doctor can see the entire patient's medical information, but the patients cannot see all the information for all the patients. Their access is more permission oriented.

A subject assigned the role of Manager will have access to a different set of objects than someone assigned the role of Analyst.

3. Context-based access control:

It makes access decisions based entirely on the context of a collection of information rather than the content (sensitivity of data) within an object. Contextual information such as device type, user location and time can be taken into account.

Ex: Firewalls make context-based access decisions when they collect state information on a packet before allowing it into the network.

If no SYN packet has been received, firewalls will not allow the SYN/ACK packet to correlate the connection.
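Added example, not part of the original answer: the three models applied to the medical-document and patient-record scenarios described above, so the difference in what each one keys on is visible. All user names, object names, roles and policy values (managed device, "hospital" location, 07:00 to 19:00) are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy data; every name and value here is hypothetical.
USER_ACL = {  # user-based: permissions attached to individual accounts
    ("manager_ann", "doc-17"): {"read", "write"},
    ("employee_bob", "doc-17"): {"read"},
}
ROLE_PERMS = {  # role-based: permissions attached to roles, users mapped to roles
    "doctor": {"read_any_record"},
    "patient": {"read_own_record"},
}
USER_ROLES = {"dr_lee": "doctor", "pat_kim": "patient"}

@dataclass
class Context:
    device_managed: bool
    location: str
    at: time

ON_SITE = Context(True, "hospital", time(10, 0))   # constructed sample context
OFF_SITE = Context(False, "home", time(23, 0))     # constructed sample context

def user_based(user, obj, op):
    """Allow only if this exact user has an entry for this object and operation."""
    return op in USER_ACL.get((user, obj), set())

def role_based(user, record_owner):
    """Decide from the user's role: doctors read any record, patients only their own."""
    perms = ROLE_PERMS.get(USER_ROLES.get(user), set())
    if "read_any_record" in perms:
        return True
    return "read_own_record" in perms and user == record_owner

def context_based(ctx):
    """Decide from the circumstances of the request (device, location, time)."""
    return (ctx.device_managed and ctx.location == "hospital"
            and time(7, 0) <= ctx.at <= time(19, 0))

def read_record(user, record_owner, ctx):
    """Layered check: the role must permit the read and the context must pass."""
    if not role_based(user, record_owner):
        return "deny: role"
    if not context_based(ctx):
        return "deny: context"
    return "allow"
```

The layered `read_record` shows the case the individual models miss on their own: a user with a valid role is still refused when the request arrives from an unmanaged device outside the allowed hours.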

