Evolving Access Control Paradigms: A Comprehensive Multi-Dimensional Analysis of Security Risks and System Assurance in Cyber Engineering

Abstract

This study evaluates the effectiveness of traditional access control paradigms—Role-Based Access Control (RBAC), Policy-Based Access Control (PBAC), and Attribute-Based Access Control (ABAC)—against ransomware threats in critical infrastructures and examines the potential benefits of integrating machine learning (ML) and artificial intelligence (AI) technologies. Utilizing a quantitative research design, the investigation collected data from 383 cybersecurity professionals across various sectors through a systematically structured questionnaire. The questionnaire, which demonstrated excellent internal consistency with a reliability score of 0.81, featured Likert scale questions aimed at assessing perceptions and experiences concerning the efficacy of different access control models in combating ransomware. Employing multiple regression analysis, the study explored the relationship between access control paradigms and their capability to mitigate ransomware risks, while also considering the impact of cybersecurity awareness among employees. The findings indicate that traditional access control methods are less effective against the dynamic nature of ransomware attacks, primarily due to their static configurations. In contrast, the integration of ML and AI into access control systems significantly enhances their adaptability and effectiveness in detecting and preventing ransomware incidents. Additionally, the study highlights the crucial role of cybersecurity awareness and training among employees in fortifying critical infrastructures against cyber threats. The adoption of a layered security strategy, incorporating advanced technological solutions and comprehensive cybersecurity practices, was found to markedly improve the resilience of critical infrastructures against ransomware attacks. Based on these insights, the study recommends the embrace of ML and AI technologies in access control systems, the prioritization of cybersecurity training for all organizational members, and the implementation of a multifaceted security approach to better defend against the evolving threat of ransomware. These strategies are essential for safeguarding the continuity and reliability of essential services in an increasingly digital and interconnected world.