Question

Scenario

You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient medical files. There are six individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to set up the RBAC matrix to:

• Ensure individuals have access to necessary information for their job role

• Maintain patient privacy by adhering to the Fundamental Security Design Principle of least privilege (i.e., business need-to-know)

The following SaaS application parameters need to be determined:

1. Access to patient information

2. Access to employee information

CYB 200 Module Four Activity Template

After reviewing the scenario in the Module Four Activity Guidelines and Rubric document, fill in each cell with one or more of the following actions:

• View
• Create
• Modify
• Delete
• None

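| User name | Norman | Ryhead | Simone | Janet | Dale | Ethan |
|---|---|---|---|---|---|---|
| Patient information | | | | | | |
| Employee information | | | | | | |
| Access to the SaaS | | | | | | |
| Access to backup logs | | | | | | |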

After you have completed the table above, respond to the following short questions:

1. What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the characteristics in the user job roles and characteristics table in the scenario, and consider the characteristics that may be contradictory.)

2. What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.
