1.1. Access Control Overview

Controlling access to resources is one of the central themes of security. Access control addresses more than just controlling which users can access which files or services. Access control is about the relationships between subjects and objects. The transfer of information from an object to a subject is called access. However, access is not just a logical or technical concept; don't forget about the physical realm, where access can involve disclosure, use, or proximity. A foundational principle of access control is to deny access by default: unless access has been explicitly granted to a subject, it is refused.
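The deny-by-default principle above, shown as an added example that is not from the study guide: one check allows only what an explicit grant covers, and a fail-open check (a deny-list) is run beside it on the same requests to show which ones slip through. All subject names, object names and grants are constructed for illustration.

```python
# Added illustration; all names and sample data are constructed.
from typing import NamedTuple

class Request(NamedTuple):
    subject: str   # active entity asking for access
    obj: str       # passive entity holding the information
    mode: str      # kind of access, e.g. "read" or "write"

# Explicit grants: (subject, object) -> set of permitted modes.
GRANTS = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("backup-svc", "payroll.db"): {"read"},
}

# Deny-list used only by the fail-open variant below.
BLOCKED = {("mallory", "payroll.db")}

def is_allowed_default_deny(req: Request) -> bool:
    """Allow only when an explicit grant covers subject, object and mode."""
    return req.mode in GRANTS.get((req.subject, req.obj), frozenset())

def is_allowed_fail_open(req: Request) -> bool:
    """Anti-pattern: allow anything that is not explicitly blocked."""
    return (req.subject, req.obj) not in BLOCKED

def audit(requests):
    """Return requests the fail-open check permits but default deny refuses."""
    return [r for r in requests
            if is_allowed_fail_open(r) and not is_allowed_default_deny(r)]

SAMPLE = [
    Request("alice", "payroll.db", "write"),   # explicitly granted
    Request("bob", "payroll.db", "write"),     # granted read only
    Request("carol", "payroll.db", "read"),    # subject never provisioned
    Request("bob", "hr-records", "read"),      # object with no grants at all
    Request("mallory", "payroll.db", "read"),  # explicitly blocked
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r, is_allowed_default_deny(r), is_allowed_fail_open(r))
    print("gaps:", audit(SAMPLE))
```

The three requests returned by `audit` (an ungranted mode, an unprovisioned subject, and an object with no grants) are exactly the cases a deny-list never anticipates.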

Subjects are active entities that, through the exercise of access, seek information about or data from passive entities, or objects. ...
