Access Control Administration

Once an organization develops a security policy, supporting procedures, standards, and guidelines (described in Chapter 3), it must choose the type of access control model: DAC, MAC, or role-based. After choosing a model, the organization must select and implement different access control technologies and techniques. Access control matrices, restricted interfaces, and content-dependent, context-dependent, and rule-based controls are just a few of the choices.

If the environment does not require a high level of security, the organization will choose discretionary and/or role-based. The DAC model enables data owners to allow other users to access their resources, so an organization should choose the DAC model only ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.