O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Categories of Access Control

The two categories of access controls are

check.png System access controls: Controls in this category protect the entire system and provide a first line of defense for the data contained on the system.

check.png Data access controls: Controls in this category are specifically implemented to protect the data contained on the system.

System access controls

System access controls are the hard and crunchy outside of a system, providing the first line of defense in information security. They protect systems and information by restricting access to the system.

Although system access controls can provide complete authentication, authorization, and accountability (AAA), they’re renowned for authentication.

You can base authentication on any of three factors:

check.png Something you know, such as a password or a personal identification number (PIN): This concept is based on the assumption that only the owner of the account knows the secret password or PIN needed to access the account. Username and password combinations are the simplest, least expensive, and therefore most common authentication mechanism implemented today. Of course, passwords are often shared, stolen, guessed, or otherwise ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required