O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Access Control

The Access Control domain covers the mechanisms by which a system grants or revokes the right to access data or perform an action on an information system.

Access Control systems include

check.png File permissions, such as “create,” “read,” “edit,” or “delete” on a file server.

check.png Program permissions, such as the right to execute a program on an application server.

check.png Data rights, such as the right to retrieve or update information in a database.

CISSP candidates should fully understand access control concepts, methodologies, and their implementation within centralized and decentralized environments across an organization’s computing environment.

Chapter 4 covers this domain in detail. Major Access Control topics include

check.png Reviewing concepts, methodologies, and techniques of access control

check.png Knowing the risks, vulnerabilities, and attacks that target access control

check.png Assessing the effectiveness ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required