Isc2 Access Control Concepts Notes

2. Access Controls Concepts (2 pages)

What is Access Control?

Access control ensures that users are who they say they are and that they
have appropriate access to resources. The four key components are
identification, authentication, authorization, and accountability.

Identification:

The process of identifying a user within a system. It’s the initial step
where a user claims an identity (e.g., using a username).

Authentication:

Authentication verifies that the claimed identity is legitimate. There are
several methods:

1. Something You Know: Passwords, PINs.
2. Something You Have: Smartcards, tokens.
3. Something You Are: Biometrics (fingerprints, retina scans).

Multi-factor authentication (MFA) is a security mechanism that requires
two or more authentication factors, reducing the risk of unauthorized
access.

Authorization:

Authorization determines what resources a user can access after
successful authentication. Access control models include:

• Role-Based Access Control (RBAC): Permissions are assigned
  based on the user's role (e.g., finance, HR).
• Discretionary Access Control (DAC): The data owner determines
  who can access the information.
• Mandatory Access Control (MAC): The system enforces access
  controls based on predefined security policies.

Accountability:

This involves tracking the activities of users and systems to ensure they
comply with security policies. Logs and audits help maintain
accountability.

Types of Access Control Models:

• RBAC (Role-Based Access Control): Limits access based on
  roles within the organization.
  o Example: A network engineer may have access to all
    network devices, while a receptionist would only access basic
    communication tools.
• MAC (Mandatory Access Control): Used in environments where
  access is strictly regulated, such as military settings.
• DAC (Discretionary Access Control): The data owner has control
  over who can access their resources.
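
The three models and the accountability step described above, side by side, as an added example that is not part of the original notes. The user names, resources, role table, and the sensitivity labels used to stand in for MAC's "predefined security policies" are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample policy data (illustrative names only).
ROLE_PERMS = {
    "network_engineer": {("router-01", "configure"), ("router-01", "read")},
    "receptionist": {("phone-system", "use")},
}
LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed MAC label order
AUDIT_LOG = []  # accountability: every decision is recorded here

@dataclass
class User:
    name: str
    roles: set
    clearance: str

@dataclass
class Resource:
    name: str
    owner: str
    label: str
    acl: dict = field(default_factory=dict)  # DAC: user name -> set of operations

def rbac_allows(user, res, op):
    # RBAC: the decision depends only on the permissions attached to the user's roles.
    return any((res.name, op) in ROLE_PERMS.get(r, set()) for r in user.roles)

def dac_grant(granter, res, grantee, op):
    # DAC: only the data owner may change who can access the resource.
    if granter.name != res.owner:
        raise PermissionError("only the owner may change the ACL")
    res.acl.setdefault(grantee.name, set()).add(op)

def dac_allows(user, res, op):
    return user.name == res.owner or op in res.acl.get(user.name, set())

def mac_allows(user, res, op):
    # MAC (simplified to reads): the system compares clearance with the label;
    # nothing the owner grants can override the result.
    return op == "read" and LEVELS[user.clearance] >= LEVELS[res.label]

def decide(model, user, res, op):
    # Evaluate one request under the chosen model and log the outcome.
    checks = {"rbac": rbac_allows, "dac": dac_allows, "mac": mac_allows}
    allowed = checks[model](user, res, op)
    AUDIT_LOG.append((model, user.name, res.name, op, "ALLOW" if allowed else "DENY"))
    return allowed
```

Under DAC the owner's grant changes the outcome for the receptionist; under MAC the same grant has no effect because the label comparison is enforced by the system.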

Access Control Lists (ACLs):

ACLs are lists that define who can access specific resources and what
operations they are allowed to perform. They can be applied to
networks, systems, or applications.

• Example: On a firewall, ACLs can define which IP addresses are
  allowed to connect to specific services.
