Learning Objective: Describe the Role of Access Control in Information Systems
Learning Objective Describe the role of access control in information systems, and identify and discuss the four fundamental functions of access control systems. Create a decision tree based on the following case: For one month, Paul was supposed to collect information on his decision-making process in granting loans at Pau Daunk Bank so that Ginger and Saurabh could use that information to create an expert system. Although Paul did make records of his decisions and criteria, the information was incomplete. Help Ginger and Saurabh make sense of his limited information and create a decision tree. They figured out that Paul grouped people into age categories of: 0 – 29, 30 – 55, 56 and older. He also grouped loan amount granted into categories of $5,000; $7,500; $10,000. Create a report explaining your decision tree.
Paper For Above Instructions
Executive summary
This report (1) explains the role of access control in information systems and discusses the four fundamental access-control functions, and (2) constructs a practical decision tree from Paul’s limited loan-decision notes so Ginger and Saurabh can begin building an expert system. The decision tree uses the provided age categories (0–29, 30–55, 56+) and loan amount categories ($5,000; $7,500; $10,000). The report explains assumptions, missing-data handling, and how access control must be applied to the resulting expert system and data.
Part 1 — Role of access control in information systems
Access control is the set of policies, procedures, and technical mechanisms that determine who (or what) can access information resources and what actions they may perform. Access control enforces confidentiality, integrity, and appropriate use of data and system functions (Sandhu & Samarati, 1994; Bishop, 2003). In modern information systems access control protects sensitive customer records, prevents unauthorized model changes, and supports auditability for compliance (NIST SP 800-53, 2020).
Four fundamental functions of access control
- Identification — asserting an identity (a user account, process, or other system actor) so the system can treat that entity as distinct from every other; this is a claim, not yet a proof (Ferraiolo & Kuhn, 1992).
- Authentication — verifying the claimed identity with one or more factors (passwords, tokens, biometrics) so the system has evidence the actor is who it claims to be (Bishop, 2003).
- Authorization — deciding which actions and data an authenticated identity is permitted, typically through role-based or attribute-based policies that enforce least privilege; an authorization check must run on every access, not only at login (Sandhu & Samarati, 1994; Ferraiolo & Kuhn, 1992).
- Accountability (Auditing) — recording who did what, when, and with what outcome (logs and tamper-evident records, including denied attempts) to support non-repudiation, forensic analysis, and compliance (NIST SP 800-53, 2020).
Applied to an expert system for loan decisions, these functions ensure that only authorized staff can view or edit customer data, only authenticated processes can query model decisions, and all decision-rule changes are auditable to preserve model integrity and regulatory compliance (Bishop, 2003; Russell & Norvig, 2021).
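The following Python module is an added example, not code from the report or from Pau Daunk Bank, showing the four functions wrapped around the rule store of a loan expert system: a principal type (identification), salted scrypt password checks with a constant-time compare (authentication), a role-to-permission table consulted on every rule read or write (authorization), and a hash-chained audit log that records successes, failures and denials (accountability). The role names, user names and rule keys are hypothetical.

```python
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass

# Hypothetical roles for the loan expert system (this example's own names).
ROLE_PERMISSIONS = {
    "loan_officer":  {"rules:read", "decision:query"},
    "model_builder": {"rules:read", "rules:write", "decision:query"},
    "auditor":       {"rules:read", "audit:read"},
}


@dataclass(frozen=True)
class Principal:
    """Identification: the distinct identity the rest of the system acts on."""
    name: str
    role: str


class AuditLog:
    """Accountability: append-only log; each entry carries the hash of the
    previous one, so an edited or deleted entry breaks the chain on verify()."""
    def __init__(self):
        self.entries = []
        self._prev = "0" * 64

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, actor, action, target, outcome):
        entry = {"ts": time.time(), "actor": actor, "action": action,
                 "target": target, "outcome": outcome, "prev": self._prev}
        entry["hash"] = self._digest(entry)
        self._prev = entry["hash"]
        self.entries.append(entry)

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class UserStore:
    """Authentication: salted scrypt hashes, constant-time comparison,
    and the same hashing cost for unknown names (no username enumeration)."""
    def __init__(self, audit):
        self._users = {}
        self._audit = audit

    @staticmethod
    def _hash(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def add(self, name, password, role):
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(password, salt), role)

    def authenticate(self, name, password):
        rec = self._users.get(name)
        if rec is None:
            self._hash(password, b"\0" * 16)      # burn the same time as a real check
            self._audit.record(name, "auth", "-", "FAILED")
            return None
        salt, digest, role = rec
        if not hmac.compare_digest(digest, self._hash(password, salt)):
            self._audit.record(name, "auth", "-", "FAILED")
            return None
        self._audit.record(name, "auth", "-", "OK")
        return Principal(name, role)


class RuleStore:
    """Authorization: an RBAC check in front of every read and write of the
    (age group, amount) -> action rules, with every outcome audited."""
    def __init__(self, audit):
        self.rules = {}
        self._audit = audit

    @staticmethod
    def _allowed(principal, perm):
        return perm in ROLE_PERMISSIONS.get(principal.role, set())

    def read_rule(self, principal, cell):
        if not self._allowed(principal, "rules:read"):
            self._audit.record(principal.name, "rules:read", str(cell), "DENIED")
            raise PermissionError(f"{principal.name} may not read rules")
        self._audit.record(principal.name, "rules:read", str(cell), "OK")
        return self.rules.get(cell)

    def write_rule(self, principal, cell, action):
        if not self._allowed(principal, "rules:write"):
            self._audit.record(principal.name, "rules:write", str(cell), "DENIED")
            raise PermissionError(f"{principal.name} may not change rules")
        old = self.rules.get(cell)
        self.rules[cell] = action
        self._audit.record(principal.name, "rules:write", f"{cell}: {old} -> {action}", "OK")


def demo():
    """One pass through all four functions; returns the rule store and audit log."""
    audit = AuditLog()
    users = UserStore(audit)
    users.add("ginger", "correct horse battery", "model_builder")   # constructed users
    users.add("paul", "loan-officer-pw", "loan_officer")
    ginger = users.authenticate("ginger", "correct horse battery")
    rules = RuleStore(audit)
    rules.write_rule(ginger, ("30-55", 5000), "Approve")
    paul = users.authenticate("paul", "loan-officer-pw")
    try:
        rules.write_rule(paul, ("30-55", 5000), "Deny")   # loan officers cannot edit rules
    except PermissionError:
        pass
    return rules, audit
```

The denied write by the loan officer is the point of the example: it is refused by the authorization check, leaves the rule unchanged, and still produces an audit entry, so a later reviewer can see the attempt. Running `verify()` after changing any stored entry returns False, which is what makes the log tamper-evident rather than merely a log.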
Part 2 — Decision tree construction for Paul’s loan decisions
Scope and assumptions: Paul’s notes categorize applicants by three age groups and three loan amounts. Because the raw labeled outcomes (approve/deny) and other features are incomplete or missing, I use conservative, explainable rules and standard decision-tree practices (Quinlan, 1993; Breiman et al., 1984). Additional implicit assumptions used to create actionable rules:
- If Paul’s recorded decision for a cell (age × amount) is available, that majority decision is used.
- If multiple conflicting entries exist for a cell, choose the majority vote; if tie or no entries, default to a safe operational action: “Manual review” to prevent wrongful automated approvals (Lessmann et al., 2015).
- When additional attributes are absent (income, credit score), the tree remains shallow (age → amount → decision) and explicitly marks branches requiring additional verification.
Decision-tree structure (textual)
The tree root is Age Group because Paul is known to group applicants primarily by age. Each age branch splits by Loan Amount. Leaf nodes contain one of four recommended actions: Approve, Deny, Conditional Approve (require co-signer or collateral), or Manual Review.
- Age 0–29
  - Loan $5,000 → Conditional Approve (require income verification, such as proof of employment or an internship)
  - Loan $7,500 → Manual Review (insufficient data; younger borrowers may need a co-signer)
  - Loan $10,000 → Manual Review, or Deny if no credit or income data can be obtained (highest risk cell for this group)
- Age 30–55
  - Loan $5,000 → Approve where Paul's notes record approvals for this cell; otherwise Conditional Approve with a soft credit check
  - Loan $7,500 → Conditional Approve (income and credit verification)
  - Loan $10,000 → Manual Review (use additional financial attributes before any automated approval)
- Age 56+
  - Loan $5,000 → Conditional Approve (verify retirement income or pension)
  - Loan $7,500 → Manual Review (assess repayment capacity)
  - Loan $10,000 → Manual Review, or Deny if the applicant is on a fixed income and offers insufficient security
Rationale: The tree above is conservative and explainable. Decision-tree theory supports shallow, interpretable trees when attributes are few and datasets are small (Quinlan, 1993; Breiman et al., 1984). For credit decisions, many studies favor explainable models or hybrid rules for regulatory transparency (Lessmann et al., 2015; Han et al., 2011).
Handling incomplete and conflicting data
When Paul’s records are incomplete, several methods apply:
- Surrogate splits — use correlated attributes that are present to approximate a missing one at a split (Breiman et al., 1984; Han et al., 2011).
- Default conservative rule — route ambiguous cases to Manual Review rather than guess, so a missing or conflicting record can never produce an automated approval (Mitchell, 1997).
- Probabilistic assignment — where historical frequencies are known, assign the most likely decision but flag the record and require a post-hoc audit (Quinlan, 1993).
For Paul’s dataset, because we lack frequencies, the recommended operational policy is Manual Review for missing/ambiguous branches and Conditional Approve where minimal verifications suffice. All automated outputs must record provenance (who and what determined the decision) to support accountability (NIST SP 800-53, 2020).
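As an added example (not part of the report or of Paul's actual notes), the Python below implements the tree from Part 2 together with the policy of this section: it parses note lines of the form `age=…, amount=…, decision=…`, takes the majority decision per (age group, amount) cell, sends ties to Manual Review, falls back to the conservative leaf of the hand-built tree for cells with no usable record, and attaches provenance to every decision so it can be audited later. The note lines are constructed for illustration and deliberately include an entry with no decision and one with an amount outside Paul's three categories.

```python
from collections import Counter, defaultdict

AMOUNTS = (5000, 7500, 10000)
ACTIONS = {"Approve", "Deny", "Conditional Approve", "Manual Review"}

# Leaves of the hand-built tree in Part 2, taking the more conservative option
# wherever the text lists two (e.g. "Manual Review or Deny" -> "Manual Review").
FALLBACK = {
    ("0-29", 5000): "Conditional Approve",
    ("0-29", 7500): "Manual Review",
    ("0-29", 10000): "Manual Review",
    ("30-55", 5000): "Conditional Approve",
    ("30-55", 7500): "Conditional Approve",
    ("30-55", 10000): "Manual Review",
    ("56+", 5000): "Conditional Approve",
    ("56+", 7500): "Manual Review",
    ("56+", 10000): "Manual Review",
}

# Constructed sample of Paul's notes (not real data): one line lacks a decision,
# one uses an amount that is not one of his three categories.
PAULS_NOTES = """\
age=24, amount=5000, decision=Approve
age=27, amount=5000, decision=Approve
age=22, amount=5000, decision=Deny
age=35, amount=7500, decision=Approve
age=41, amount=7500, decision=Deny
age=33, amount=5000, decision=Approve
age=58, amount=5000, decision=Conditional Approve
age=60, amount=10000
age=45, amount=6000, decision=Approve
"""


def age_group(age):
    """Map an applicant's age onto Paul's three age categories."""
    if age < 0:
        raise ValueError(f"invalid age {age}")
    if age <= 29:
        return "0-29"
    if age <= 55:
        return "30-55"
    return "56+"


def parse_notes(text):
    """Split note lines into usable (group, amount, decision) records and the
    raw lines that are incomplete, so the caller can see how much was missing."""
    complete, incomplete = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            fields = dict(kv.strip().split("=", 1) for kv in line.split(","))
            rec = (age_group(int(fields["age"])), int(fields["amount"]), fields.get("decision"))
        except (KeyError, ValueError):
            incomplete.append(line)
            continue
        if rec[1] not in AMOUNTS or rec[2] not in ACTIONS:
            incomplete.append(line)
        else:
            complete.append(rec)
    return complete, incomplete


def induce_table(records):
    """Majority vote per cell; a tie -> Manual Review (the safe default);
    no records -> the hand-built conservative leaf. Each cell keeps its provenance."""
    votes = defaultdict(Counter)
    for group, amount, decision in records:
        votes[(group, amount)][decision] += 1
    table = {}
    for cell in FALLBACK:
        counts = votes.get(cell)
        if not counts:
            table[cell] = {"action": FALLBACK[cell], "source": "no-data:fallback", "n": 0}
            continue
        ranked = counts.most_common(2)
        tied = len(ranked) > 1 and ranked[0][1] == ranked[1][1]
        table[cell] = {
            "action": "Manual Review" if tied else ranked[0][0],
            "source": "tie:manual-review" if tied else "majority",
            "n": sum(counts.values()),
            "votes": dict(counts),
        }
    return table


def decide(table, age, amount):
    """Walk the tree (age group -> amount -> leaf); return the action and provenance."""
    if amount not in AMOUNTS:
        raise ValueError(f"loan amount {amount} is not one of Paul's categories {AMOUNTS}")
    cell = (age_group(age), amount)
    return table[cell]["action"], {"cell": cell, **table[cell]}


if __name__ == "__main__":
    complete, incomplete = parse_notes(PAULS_NOTES)
    table = induce_table(complete)
    print(f"{len(complete)} usable records, {len(incomplete)} incomplete lines")
    for applicant in ((25, 5000), (40, 7500), (60, 10000)):
        print(applicant, decide(table, *applicant))
```

With the constructed notes, the 0–29/$5,000 cell resolves by majority (two approvals against one denial), the 30–55/$7,500 cell is a one-to-one tie and goes to Manual Review, and the 56+/$10,000 cell has only the note with no recorded decision and so falls back to the conservative leaf. The `source` and `votes` fields are the provenance this section asks for: a reviewer can later see whether a leaf came from Paul's data, from a tie, or from the fallback table.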
Implementation and governance recommendations
1. Integrate access control: enforce identification, authentication, authorization, and auditing so only authorized model-builders or loan officers can view or edit rules (Ferraiolo & Kuhn, 1992; Sandhu & Samarati, 1994).
2. Maintain a rule-change log linked to user identities and timestamps to satisfy accountability.
3. Validate the decision tree against historical labeled data when available, using cross-validation or holdout testing before deploying automated decisions (Breiman et al., 1984; Mitchell, 1997).
4. Where the tree delegates to Manual Review, design clear human workflows and record the human decisions so they can later refine the tree (Russell & Norvig, 2021).
Conclusion
This report combines a concise explanation of access-control roles and the four core functions with a practical, conservative decision tree built from Paul’s limited groupings. The proposed tree is interpretable and safe for early expert-system prototyping: it prioritizes human review where data are missing and integrates access control and auditing to protect customer data and model integrity. When more complete data are obtained (credit scores, income, employment), the tree can be refined using standard decision-tree algorithms and validated against performance metrics (Quinlan, 1993; Breiman et al., 1984; Lessmann et al., 2015).
References
- Bishop, M. (2003). Computer Security: Art and Science. Addison-Wesley.
- Breiman, L., Friedman, J. H., Olshen, R. A., & Stone, C. J. (1984). Classification and Regression Trees. Wadsworth.
- Ferraiolo, D. F., & Kuhn, D. R. (1992). Role-Based Access Controls. 15th NIST-NCSC National Computer Security Conference.
- Han, J., Kamber, M., & Pei, J. (2011). Data Mining: Concepts and Techniques (3rd ed.). Morgan Kaufmann.
- Lessmann, S., Baesens, B., Seow, H.-V., & Thomas, L. C. (2015). Benchmarking state-of-the-art classification algorithms for credit scoring: An update of research. European Journal of Operational Research, 247(1), 124–136.
- Mitchell, T. (1997). Machine Learning. McGraw-Hill.
- NIST. (2020). NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology.
- Quinlan, J. R. (1993). C4.5: Programs for Machine Learning. Morgan Kaufmann.
- Russell, S., & Norvig, P. (2021). Artificial Intelligence: A Modern Approach (4th ed.). Pearson.
- Sandhu, R., & Samarati, P. (1994). Access control: Principles and practice. IEEE Communications Magazine, 32(9), 40–48.