Isc2 Access Control Concepts Notes
Isc2 Access Control Concepts Notes
Access control ensures that users are who they say they are and that they
have appropriate access to resources. The four key components are
identification, authentication, authorization, and accountability.
Identification:
The process of identifying a user within a system. It’s the initial step
where a user claims an identity (e.g., using a username).
Authentication:
Authorization:
This involves tracking the activities of users and systems to ensure they
comply with security policies. Logs and audits help maintain
accountability.
ACLs are lists that define who can access specific resources and what
operations they are allowed to perform. They can be applied to
networks, systems, or applications.