Implementing Access Controls
An access control provides a mechanism to restrict or control access to resources. These resources can be logical, such as files and folders hosted within a network, or physical, such as facilities. Access control starts with identification and authentication. Once individuals have been reliability authenticated, you can control their access.
Comparing Subjects and Objects
Two primary terms related to access controls are subjects and objects. In short, a subject accesses a resource, and an object is the resource being accessed. As a simple example, if a user accesses a project file stored on a server, the user is the subject and the project file is the object.
With this in mind, you would first ensure that subjects ...
Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
