To complete this assignment, review the prompt and grading rubric in the Module Four Activity Guidelines and Rubric. You will also need to access the Module Four Activity Template Word Document.
CYB 200 Module Four Activity Guidelines and Rubric
Overview
In this exercise, you will develop a role-based access control (RBAC) matrix for user access control. RBAC matrices, as a security architecture concept, are a way of representing access
control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control objectives. Matrices also help show when access controls
may conflict with job roles and responsibilities. When you are completing this type of task, there are a few questions you should always be thinking about:
Who gets to log into the system?
Who gets to view what?
What kind of data are you dealing with (basic data vs. information subject to privacy controls)?
Who gets to add or delete? Who is view-only?
Who should not have permission?
An example of an RBAC matrix can be found in Chapter 6 of your course textbook.
Scenario
You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient medical files. There are six
individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to set up the RBAC matrix to:
Ensure individuals have access to necessary information for their job role
Maintain patient privacy by adhering to the Fundamental Security Design Principle of least privilege (i.e., business need-to-know)
The following SaaS application parameters need to be determined:
1. Access to patient information
2. Access to employee information
3. Access to the SaaS
4. Access to backup logs
See the User Job Roles and Characteristics table below for information on the users, their roles in the organization, and their job descriptions.
9/22/24, 2:21 PM Assignment Information
https://learn.snhu.edu/d2l/le/content/1698647/viewContent/35102836/View 1/4

| Users | Job Roles | Job Characteristics |
|---|---|---|
| Norman | Remote call-center employee | Has the ability to log into the medical SaaS as an employee, and has remote access to employee machines for purpose of fixing or diagnosing computer issues; Has the ability to create user accounts and assign passwords; Has no right to view patient information; Has the ability to view the backup logs for important system information |
| Ryhead | Sales representative for the healthcare firm | Has access to the software but only for showing potential new customers; Has the ability to create dummy user accounts for demo purposes; Has no ability to modify any patient information, and can only show screens for demo purposes; Has no access to the backup logs |
| Simone | HR representative for the healthcare firm | Has the ability to log into the system; Has no abilities with user accounts; Has access to the software and employee records but should have no access to patient information; Has no access to the backup logs |
| Janet | Application administrator for the SaaS application | Has full access to software, has the ability to change or modify settings in the system as needed, and has the ability to provide an override code; Has the ability to view, create, modify, and delete user accounts; Has no rights to change patient information; Has the ability to view, modify, and delete backup logs for the SaaS |
| Dale | Nurse | Has access to the system for patient information; Has no abilities with user accounts; Has the ability to view, create, and modify patient information, but does not have the right to delete patient information without an override code; Has no access to backup logs |
| Ethan | Auditor | Has the ability to log into the system but can only view information; Has no abilities with user accounts; Has no ability to create, modify, or delete patient information; Has the ability to view backup logs |
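The following added example, which is not part of the assignment materials, encodes a few cells the table above states outright (Dale's and Ethan's patient-information and backup-log rights, Janet's backup-log rights) and evaluates requests against them with deny-by-default. The resource keys, function names, and the override-code value and handling are assumptions made for illustration.

```python
import hmac

ACTIONS = {"view", "create", "modify", "delete"}

# Cells taken only from characteristics the scenario states outright;
# any (user, resource) pair not listed here is denied by default.
MATRIX = {
    ("Dale", "patient_information"): {"view", "create", "modify"},
    ("Dale", "backup_logs"): set(),
    ("Ethan", "patient_information"): {"view"},
    ("Ethan", "backup_logs"): {"view"},
    ("Janet", "backup_logs"): {"view", "modify", "delete"},
}

# Actions permitted only with an override code (Dale deleting patient data).
OVERRIDE_REQUIRED = {("Dale", "patient_information", "delete")}

# Constructed placeholder; how Janet issues and stores codes is an assumption.
ISSUED_OVERRIDE_CODE = "EXAMPLE-OVERRIDE-0000"


def is_allowed(user, resource, action, override_code=None):
    """Deny by default; grant only what the matrix or a valid override allows."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    if action in MATRIX.get((user, resource), set()):
        return True
    if (user, resource, action) in OVERRIDE_REQUIRED and override_code is not None:
        # Constant-time comparison avoids leaking the code through timing.
        return hmac.compare_digest(override_code, ISSUED_OVERRIDE_CODE)
    return False


def who_can(resource, action):
    """Answer 'who gets to <action> <resource>?' straight from the matrix."""
    return sorted(
        user for (user, res), acts in MATRIX.items()
        if res == resource and action in acts
    )
```

Calling `who_can` for each resource and action pair gives a quick review list for the overview's questions, such as who gets to view what and who should not have permission.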
Prompt
Specifically, you must address the critical elements listed below:
I. RBAC Matrix: Populate the RBAC matrix in the Module Four Activity Template using one or more of the necessary actions (view, create, modify, delete, none).
II. Essential Questions: Answer the following short response questions based on your populated table in the template:
A. What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the characteristics in the
scenario table above, and consider the characteristics that may be contradictory.)
B. What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.
What to Submit
Submit the completed RBAC matrix and short response questions in the Module Four Activity Template. You may also submit this activity in your own Microsoft Word document, but your
submission must contain the same elements as the template. Your submission should be 1–2 pages in length (plus a cover page and references, if used) and written in APA format. Use double
spacing, 12-point Times New Roman font, and one-inch margins. The file name should include the course code, assignment number, and your name—for example,
CYB_200_Module_Four_Activity_Neo_Anderson.docx.
Module Four Activity Rubric
| Criteria | Proficient (100%) | Needs Improvement (65%) | Not Evident (0%) | Value |
|---|---|---|---|---|
| RBAC Matrix | Completes 21 or more cells of the RBAC matrix accurately | Completes fewer than 21 cells of the RBAC matrix accurately | Does not complete any of the RBAC matrix cells accurately | 65 |
| Least Privilege | Describes changes that can be made to the user roles through implementation of least privilege that would better support the security design principle | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 15 |
| Importance of Tool | Explains the importance of the tool to a security analyst in managing and protecting the environment, and provides an example | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 15 |
| Articulation of Response | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 5 |
Total: 100%
CYB 200 Module Four Activity Template
After reviewing the scenario in the Module Four Activity Guidelines and Rubric document, fill in each cell with one or more of the following actions:
• View
• Create
• Modify
• Delete
• None

| User name | Patient information | Employee information | Access to the SaaS | Access to backup logs |
|---|---|---|---|---|
| Norman | | | | |
| Ryhead | | | | |
| Simone | | | | |
| Janet | | | | |
| Dale | | | | |
| Ethan | | | | |
After you have completed the table above, respond to the following short questions:
1. What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the characteristics in the user job roles and characteristics table in the scenario, and consider the characteristics that may be contradictory.)
2. What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.