One of the key foundations of a comprehensive IT security strategy is implementing an appropriate level of access control on all computer systems in an organization or enterprise. This chapter of [[Security+ Essentials]] provides an overview of the four types of access control that must be understood to achieve CompTIA Security+ certification:
* Mandatory Access Control
* Discretionary Access Control
* Rule-Based Access Control
* Role-Based Access Control
== An Overview of Access Control ==
The term ''Access Control'' is somewhat ambiguous. Some interpret it as controlling access to a system from an external source (for example, controlling the login process through which users gain access to a server). In fact, that kind of control is referred to as ''Authentication'' or ''Identity Verification'' (which is covered in the [[Security+ - Authentication and Identity Verification|Authentication and Identity Verification]] chapter of this book).
The term ''Access Control'' actually refers to the control over access to system resources ''after'' a user's account and identity have been authenticated and access to the system has been granted. For example, a particular user, or group of users, might only be permitted access to certain files after logging into a system while being denied access to all other resources.
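The two stages described above can be kept apart in code. The following is an added example, not part of the original chapter: the user names, passwords, groups, file paths and function names are all constructed for illustration. Authentication yields a verified identity, and the access control check then decides per resource, denying anything not explicitly permitted.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # PBKDF2 from the standard library; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _enroll(password):
    salt = os.urandom(16)                     # per-user random salt
    return salt, _hash(password, salt)

# Constructed sample data (hypothetical accounts, groups and files).
USERS = {"alice": _enroll("correct horse"), "bob": _enroll("tr0ub4dor")}
GROUPS = {"alice": {"finance"}, "bob": {"engineering"}}
ACL = {
    "/srv/payroll.xlsx": {"users": set(), "groups": {"finance"}},
    "/srv/design.doc": {"users": {"alice"}, "groups": {"engineering"}},
}

def authenticate(username, password):
    """Stage 1, identity verification: return the verified name or None."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(stored, _hash(password, salt)) else None

def authorize(identity, resource):
    """Stage 2, access control: runs only on an already verified identity."""
    if identity is None:
        return False                          # never authenticated
    entry = ACL.get(resource)
    if entry is None:
        return False                          # default deny: no ACL entry
    in_group = bool(GROUPS.get(identity, set()) & entry["groups"])
    return identity in entry["users"] or in_group

def request(username, password, resource):
    """Full path: log in first, then check access to one resource."""
    return authorize(authenticate(username, password), resource)
```

Note that bob logs in successfully yet is still refused the payroll file, which is the distinction the chapter draws between authentication and access control.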