![]() Access control list ( ACLs) provides a flexible method for applying discretionary access controls.Standard UNIX and Windows operating systems use DAC for filesystems. Subjects are empowered and control their data. Accountability – describes the ability to determine which actions each user performed on a system.Īccess control models Discretionary Access Control (DAC)ĭiscretionary Access Control (DAC) gives subjects full control of objects they have been given access to, including sharing the objects with other subjects.Authorization – determines what an subject can do.Authentication – determines whether a subject can log in.They do not manipulate other objects.Īccess control systems provide three essential services: The important thing remember about objects is that they are passive within the system. Objects can range from databases to text files. A Dynamic Link Library file or a Perl script that updates database files with new information is also a subject.Īn object is any passive data within the system. However, running computer programs are subjects as well. Most examples of subjects involve people accessing data files. Basic concepts of access controlĬIA triad and his opposite ( DAD) – see (My) CISSP Notes – Information Security Governance and Risk ManagementĪ subject is an active entity on a data system. Access control protect against threats such as unauthorized access, inappropriate modification of data, loss of confidentiality. Access control is performed by implementing strong technical, physical and administrative measures. The purpose of access control is to allow authorized users access to appropriate data and deny access to unauthorized users and the mission and purpose of access control is to protect the confidentiality, integrity, and availability of data. Attribute-based access control (ABAC): In this dynamic method, access is based on a set of attributes and environmental conditions, such as time of day and location, assigned to both users and resources.Note: This notes were made using the following books: “CISPP Study Guide” and “CISSP for dummies”.This widely used method is based on a complex combination of role assignments, authorizations, and permissions. The goal is to provide users with access only to data that’s been deemed necessary for their roles within the organization. ![]() Role-based access control (RBAC): RBAC grants access based on defined business functions rather than the individual user’s identity.This model is common in government and military environments. ![]() A central authority regulates access rights based on different security levels.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |