120-150 words total

1. Research Certificate based authentication techniques \& research Online Certificate Status Protocol (OCSP) Responders. What happens if Certificate with private key becomes compromised or user issued is no longer valid? How can you handle with organizational infrastructure to prevent access? Why is mutual authentication between service provider and service consumer important? How can certificates help provide trust? 2. Research Multi-factor authentication (MFA) implementation best practices. How can you best implement MFA accounting for human-computer interaction (HCl) simplicity to still accomplish tasks in timely manner? Why must authentication be mutual and not one way, so human user can identify computer resource accurately? 3. Discuss the advantages versus disadvantages of employing Access Control Lists or Role-Based Access Control (RBAC) versus a policy based approach like Attribute-Based Access Control (ABAC), defined in NIST (2014) Special Publication 800-162: Guide to Attribute Based Access Control (ABAC) Definition and Considerations, or Context-Based Access Control discussed in Chapter 6 of the Sherif textbook. Under which enterprise situations and environments might one be better approach than the other