Which Access Control Scheme is Best for Protecting Highly Sensitive Data?

A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels.

Which of the following access control schemes would be BEST for the company to implement?

A.

Discretionary

B.

Rule-based

C.

Role-based

D.

Mandatory.

D.

The best access control scheme for a company that processes highly sensitive data and wants to protect it using classification labels is the Mandatory Access Control (MAC) scheme.

MAC is a type of access control scheme that assigns security labels to data based on its level of sensitivity, and access to that data is granted based on clearance levels of users. In a MAC environment, the access control decisions are taken by the system and not the user. The system compares the security label of the data with the clearance level of the user and allows access only if the clearance level is equal to or greater than the security label of the data.

This type of access control scheme is best suited for environments that handle sensitive information, such as government agencies, financial institutions, and military organizations. It provides a high level of control and ensures that sensitive data is accessed only by users with the appropriate clearance level.

Discretionary Access Control (DAC) allows the data owner to determine who has access to the data, but it does not provide any guidelines for how to determine access. Rule-based Access Control (RBAC) assigns access based on predefined rules, such as job roles or department membership. Role-based Access Control (RBAC) assigns access based on a user's role within an organization. None of these access control schemes provide the same level of control and security as MAC.

Therefore, the answer is D. Mandatory Access Control.