Course Content
Module 1 Introduction to Cybercrime
0/6
Introduction to Cybersecurity
03:00
1.1 Lesson: What is Cybersecurity?
01:54
1.2 Lesson: Brief History of Cybersecurity
03:42
1.3 Lesson: Key Concepts and Terminology
04:52
1.4 Lesson: Cybersecurity Threat Landscape
03:23
Module1: Questions
Module 2: Computer Systems and Networks
0/6
Introduction to Computer Systems and Networks
02:36
2.1 Lesson: Introduction to Computer Systems (Hardware, Software, Firmware)
04:00
2.2 Lesson: Networking Fundamentals (TCP/IP, DNS, DHCP)
04:00
2.3 Lesson: Network Architectures and Devices (Routers, Switches, Firewalls)
03:01
2.4 Lesson: Introduction to Virtualization and Cloud Computing
02:22
Module 2 Questions
Module 3: Cybersecurity Threats and Vulnerabilities
0/6
Introduction to Cybersecurity Threats and Vulnerabilities
3.1 Lesson: Types of Cybersecurity Threats (Malware, Phishing, Ransomware)
02:31
3.2 Lesson: Vulnerability Management and Patching
03:16
3.3 Lesson: Social Engineering and Human Factors
02:13
3.4 Lesson: Introduction to Penetration Testing and Red Teaming
03:03
Module 3 Questions
Module 4: Cryptography: Encryption, Decryption, Hashing
0/5
4.1 Lesson: Introduction to Cryptography (Encryption, Decryption, Hashing)
02:53
4.2 Lesson: Symmetric and Asymmetric Encryption
02:41
4.3 Lesson: Access Control Models and Mechanisms (MAC, DAC, RBAC)
04:12
4.4 Lesson Identity and Access Management (IAM) Systems
03:02
Module 4 Questions
Module 5: Network Security and Defence
0/6
Introduction to Network Security and Defence
02:59
5.1 Lesson: Network Security Fundamentals (Firewalls, IDS/IPS, VPNs)
01:52
5.2 Lesson: Secure Communication Protocols (HTTPS, SSH, SFTP)
01:54
5.3 Lesson: Network Segmentation and Isolation
01:50
5.4 Lesson: Incident Response and Disaster Recovery
03:10
Module 5: Questions
Module 6: Operating System and Application Security
0/6
Introduction to Operating System and Application Security
02:24
6.1 Lesson: Introduction to Operating System Security (Windows, Linux, macOS)
03:06
6.2 Lesson: Application Security Fundamentals (Input Validation, Error Handling)
04:22
6.3 Lesson: Secure Coding Practices and Guidelines
04:17
6.4 Lesson: Introduction to Web Application Security (OWASP Top 10)
02:31
Module 6:Questions
Module 7:  Cybersecurity Tools and Technologies
0/6
Introduction to Cybersecurity Tools and Technologies
08:13
7.1 Lesson: Introduction to Cybersecurity Tools (Nmap, Nessus, Metasploit)
04:29
7.2 Lesson: Security Information and Event Management (SIEM) Systems
02:49
7.3 Lesson: Introduction to Cloud Security and Compliance
03:14
7.4 Lesson: Emerging Trends and Technologies in Cybersecurity (AI, ML, IoT)
02:46
Module 7: Questions
Module 8: Cybersecurity Governance and Risk Management
0/6
Introduction to Cybersecurity Governance and Risk Management
03:29
8.1 Lesson: Cybersecurity Governance and Compliance
02:23
8.2 Lesson: Risk Management Fundamentals (Identify, Assess, Mitigate)
02:44
8.3 Lesson: Introduction to Cybersecurity Frameworks and Standards (NIST, ISO 27001)
02:49
8.4 Lesson: Cybersecurity Awareness and Training
02:27
Module 8: Questions
Module 9: Hands-on Cybersecurity Projects
0/6
Introduction: Hands-on Cybersecurity Projects
03:18
9.1 Lesson: Setting up a Home Lab for Cybersecurity Testing
04:28
9.2 Lesson: Conducting Vulnerability Scanning and Penetration Testing
02:30
9.3 Lesson: Implementing a SIEM System and Analysing Security Logs
05:01
9.4 Lesson: Developing a Cybersecurity Incident Response Plan
04:41
Module 9: Questions
Module 10: Conclusion and Next Steps
0/5
10.1 Lesson: Recap of Key Concepts and Takeaways
02:51
10.2 Lesson: Future Directions in Cybersecurity
03:42
10.3 Lesson: Resources for Further Learning and Professional Development
03:30
10.4 Lesson: Final Project Presentations and Feedback
01:56
Module 10: Questions
Examination Questions
0/1
40 Practical Questions
Introduction to Cyber-Security

Access Control Models and Mechanisms (MAC, DAC, RBAC)

Access control is a fundamental aspect of information security, governing how resources and information are accessed by users. There are several models and mechanisms used to implement access control, including Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC). Each of these frameworks has distinct features, advantages, and scenarios for use.

Mandatory Access Control (MAC): Mandatory Access Control (MAC) is a stringent access control model often used in environments that require high levels of security, such as military or government institutions. In MAC, access rights are regulated by a central authority based on different sensitivity levels assigned to both users and the resources they are trying to access. These sensitivity levels exist within a hierarchy that dictates who can view or manipulate data.

In this model, users cannot modify permissions or share access rights with others; instead, the permissions set forth by the system administrators dictate all interactions with sensitive information. This standardisation reduces the risk of accidental data breaches resulting from user error but may hinder operational flexibility due to its rigid structure.

Discretionary Access Control (DAC): Discretionary Access Control (DAC) offers more flexibility compared to MAC. This model allows resource owners—individuals who have created or possess certain data—to establish policies regarding who may access their resources. In DAC systems, permissions can be granted or revoked at the discretion of each resource owner.

While DAC enables personalised management of access privileges and promotes collaboration among users by allowing sharing of resources freely based on trustworthiness, it also carries risks. Since the discretion lies with individual users rather than centralised policy enforcement, it can lead to inadvertent exposure of sensitive data if proper caution isn’t exercised.

Role-Based Access Control (RBAC): Role-Based Access Control (RBAC) targets the balance between security and usability by assigning permissions based on predefined roles within an organisation rather than individual identities. Under RBAC policies, roles encapsulate the necessary privileges required for specific job functions—this helps streamline management processes as user accounts merely need to be assigned appropriate roles instead of configuring individual permissions repeatedly.

This model significantly enhances auditing processes since a user’s actions can be traced back through their associated role rather than having to track every individual’s unique permissions. RBAC effectively simplifies user provisioning while maintaining appropriate security measures; however, it requires careful role definition and regular updates against changing organisational structures or compliance needs.

Understanding these three primary models—Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC)—is essential for designing effective security architectures tailored to specific organisational requirements. Each model has its place within various contexts depending on factors such as regulatory demand, collaborative needs, and operational complexity. By selecting an appropriate access control mechanism—or a combination thereof—organisations can bolster their overall information integrity while mitigating potential risks associated with unauthorised data exposure.

Exercise Files
4of 3 Lesson Notes.pdf
Size: 109.13 KB
Previous
Next