
Information Assurance Handbook: Effective Computer Security and Risk Management Strategies by Steven Hernandez, Corey Schou


CHAPTER 19

Access Control

An access control system prevents actions on an object by unauthorized individuals (subjects). To permit or deny access to an information asset correctly, an organization must manage identification, authentication, authorization, audit, and eventually accountability (refer also to Chapter 2).

A few key concepts are essential for understanding access control. A subject is the party or system seeking access. Since a subject can be a user, a program, or simply a machine, the word party is sometimes used because it is more generic. An object is the target to be accessed by the subject. The object is one of the information assets discussed in Chapter 10. The subject executes actions on objects through controlled access. ...
