Reflection 3


Name: Michelle Ayaim
Date: 19th June, 2025
Organization: NIWC Atlantic


This last week at my cybersecurity internship has been very interesting, building on the fundamental knowledge I’ve been getting. It was an in-depth look at three of the most important parts of information system security: access control, network access control (NAC), and public key infrastructure (PKI). These principles have several real-world applications, and understanding how they work together to establish a strong security posture has been a valuable learning experience.


We began the week by going over Access Control, which generally defines who can do what with which resources. It serves as the barrier, making sure only authorized personnel or systems have access to sensitive data or systems. I learnt about several approaches, from discretionary access control (DAC), in which the owner of a resource determines permissions, to mandatory access control (MAC), which is commonly used in extremely secure environments and determines access through security labels. Role-based access control (RBAC) was of particular interest because of its popularity in business situations. Consider a huge corporation: rather than individually providing access to each employee for every file or application, RBAC allows you to categorize users by their job role and then provide permissions to those roles.


This helps management effectiveness a great deal. For example, if the organization employs a human resources information system, an HR Manager role would have the ability to see and change personnel data, while a standard employee role would only have access to their own profile. We went over attribute-based access control (ABAC), which allows for even more precise control by making access decisions based on user, resource, and environment attributes. This could mean things like, “Only a user from the finance team, accessing from a company-issued device, during business hours, can access the quarterly financial reports.” The real-world impacts of proper access control are important because an incorrect authorization might result in data breaches or unauthorized system manipulation.
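The HR and finance rules described above can be sketched as a small policy check. This is an added example, not part of the original reflection; the role names, attribute names and the 09:00 to 17:00 business-hours window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed RBAC table: each role maps to the (action, resource) pairs it may perform.
ROLE_PERMS = {
    "hr_manager": {("read", "personnel_record"), ("update", "personnel_record")},
    "employee": {("read", "own_profile")},
    "finance_analyst": {("read", "quarterly_report")},
}
BUSINESS_HOURS = (time(9, 0), time(17, 0))  # assumed window, not from the page


@dataclass(frozen=True)
class Request:
    role: str
    action: str
    resource: str
    department: Optional[str] = None       # user attribute
    device_managed: Optional[bool] = None  # True for a company-issued device
    local_time: Optional[time] = None      # environment attribute


def rbac_allows(req: Request) -> bool:
    """Role check only: unknown roles and unlisted permissions are denied."""
    return (req.action, req.resource) in ROLE_PERMS.get(req.role, set())


def abac_allows(req: Request) -> bool:
    """Attribute rule for the quarterly reports; other resources have no rule."""
    if req.resource != "quarterly_report":
        return True
    # A missing attribute is treated as a failed condition (deny by default).
    if None in (req.department, req.device_managed, req.local_time):
        return False
    start, end = BUSINESS_HOURS
    return (req.department == "finance" and req.device_managed
            and start <= req.local_time < end)


def decide(req: Request) -> str:
    """Allow only when both the role check and the attribute rule pass."""
    return "allow" if rbac_allows(req) and abac_allows(req) else "deny"


if __name__ == "__main__":
    late = Request("finance_analyst", "read", "quarterly_report",
                   "finance", True, time(22, 0))
    # The role alone would permit this request; the time attribute denies it.
    print(rbac_allows(late), decide(late))
```

The last request shows the gap ABAC closes: the role permits the read at any hour, while the combined decision denies it outside the assumed window.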

Following access control, we moved on to Network Access Control (NAC), which applies access control principles directly at the network layer. NAC ensures that devices seeking to connect to a network meet specific security requirements before being allowed access. This is important in today’s broadened IT settings, where employees may connect using personal devices and contractors may bring their own computers. I learnt that NAC systems can inspect endpoints for things like updated antivirus software, operating system patches, and even the presence of specific security agents. If a device does not comply, NAC can take several kinds of action, like quarantining the device to a separate, restricted network segment, blocking access entirely, or even automatically remediating the issue by pushing necessary updates. This week expanded my understanding of several major cybersecurity topics.

I am truly learning a lot every day. My advice for this week is: even if you do not understand everything that’s being talked about in the room you’re in, write it down; it comes in handy later. I look forward to learning more.