CHAPTER 19
Access Control
An access control system prevents actions on an object by unauthorized individuals (subjects). To permit or deny access to an information asset correctly, an organization must manage identification, authentication, authorization, audit, and eventually accountability (refer also to Chapter 2).
A few key concepts are essential for understanding access control. A subject is the party or system seeking access. Since a subject can be a user, a program, or simply a machine, sometimes the word party is used because it is more generic. An object is the target to be accessed by the subject. The object is one of information assets, as discussed in Chapter 10. The subject will execute actions on objects through a controlled access. ...
Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.