WGU C845 Information Systems Security
Task 1: Access Control Model & Policy
Information Systems Security (Western Governors University)
A. Access Control Model
A1. Chosen Model and How It Fits
I am applying Role-Based Access Control (RBAC) to FinSecure Corp.
In RBAC, access is tied to roles, not to individual people. A user receives
the permissions granted to the role their job maps to, not permissions handed
out through ad-hoc requests. Key ideas:
• People in the same role (e.g., finance analyst, HR coordinator) should
have the same access, because the role, not the person, carries the permissions.
• Users should have only what they need to do their job (least
privilege).
• Access should change when they are hired, moved, or leave: a role change
swaps the old role's permissions for the new role's, and termination disables
the account.
The provided user matrix already uses job titles like “Finance manager,”
“Customer support rep,” “Junior system admin,” which map naturally to
RBAC roles. The gaps show up when the access no longer matches the role
or when accounts stay active after the person is gone.
A2. Misalignments with RBAC
Here are four clear misalignments between the matrix and RBAC:
1. Customer support rep with payroll access (J. Hall)
   o Role: Customer support rep (Support)
   o Access: CRM, email server, payroll system
   o Problem: Payroll is a finance/HR function. A support rep does not need
   payroll data to help customers. This breaks least privilege and mixes
   duties across roles (a support role should not be able to view or change
   pay data).
2. Terminated HR assistant still active (P. Ellis)
   o Role: HR assistant
   o End date: 2025-05-20, marked “Terminated (2025-05-20)”
   o Account status: Active, with HR portal and payroll system
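The two checks that A1 and A2 describe (does each user's access stay inside what their role entitles, and is any account still active after its end date) can be run mechanically over the user matrix. The script below is an added example written for this page, not part of the original task submission; the role-to-system entitlement map (ROLE_ENTITLEMENTS), the "R. Chen" control record and the audit date are assumptions, since the page only states that a support rep should not hold payroll access. The sample matrix rows for J. Hall and P. Ellis are constructed to mirror the two misalignments above.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set

# Assumed role entitlements (hypothetical policy, not from the task matrix).
# The page only states that Support should not have payroll; the rest is illustrative.
ROLE_ENTITLEMENTS = {
    "Customer support rep": {"CRM", "email server"},
    "HR assistant": {"HR portal", "payroll system", "email server"},
    "Finance manager": {"payroll system", "finance ledger", "email server"},
}

# Date on which the review is run (assumed).
AUDIT_DATE = date(2025, 6, 1)


@dataclass
class UserRecord:
    name: str
    role: str
    access: Set[str]
    status: str                      # "Active" or "Disabled"
    end_date: Optional[date] = None  # set when the person has left


@dataclass
class Finding:
    user: str
    kind: str    # "excess_access", "stale_account" or "unknown_role"
    detail: str


def excess_access(user: UserRecord) -> Set[str]:
    """Systems the user holds beyond what the role entitles (least-privilege check)."""
    allowed = ROLE_ENTITLEMENTS.get(user.role, set())
    return user.access - allowed


def is_stale_account(user: UserRecord, as_of: date) -> bool:
    """True when an account is still active although its end date has passed
    (the 'leaver' step of hire/move/leave was not carried out)."""
    return (
        user.status.lower() == "active"
        and user.end_date is not None
        and user.end_date <= as_of
    )


def audit(matrix: List[UserRecord], as_of: date = AUDIT_DATE) -> List[Finding]:
    """Compare every row of the user matrix against the RBAC entitlements."""
    findings: List[Finding] = []
    for user in matrix:
        # Stale accounts are a problem regardless of role, so check them first.
        if is_stale_account(user, as_of):
            findings.append(Finding(
                user.name, "stale_account",
                f"still active after end date {user.end_date.isoformat()}"))
        # A role with no defined entitlements cannot be audited; flag it rather than pass it.
        if user.role not in ROLE_ENTITLEMENTS:
            findings.append(Finding(
                user.name, "unknown_role",
                f"no entitlement defined for role {user.role!r}"))
            continue
        extra = excess_access(user)
        if extra:
            findings.append(Finding(
                user.name, "excess_access",
                f"holds {', '.join(sorted(extra))} beyond role {user.role!r}"))
    return findings


# Constructed sample matrix: the two misalignments from A2 plus a clean control row.
SAMPLE_MATRIX = [
    UserRecord("J. Hall", "Customer support rep",
               {"CRM", "email server", "payroll system"}, "Active"),
    UserRecord("P. Ellis", "HR assistant",
               {"HR portal", "payroll system"}, "Active", date(2025, 5, 20)),
    UserRecord("R. Chen", "Customer support rep",           # hypothetical clean record
               {"CRM", "email server"}, "Active"),
]


def audit_sample() -> List[Finding]:
    """Run the audit over the constructed matrix as of AUDIT_DATE."""
    return audit(SAMPLE_MATRIX, AUDIT_DATE)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f.user}: {f.kind}: {f.detail}")
```

Because the checks are driven by the entitlement map, fixing a finding means either removing the extra system from the user (J. Hall) or disabling the account (P. Ellis), never adding the system to the role to make the report go quiet; an unknown role is reported rather than silently passed so a mistyped job title cannot hide over-entitlement.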