Access Control Flashcards
What is access control?
It is a defensive strategy that IT specialists employ to regulate who can access specific resources or information within an organization and what they can do with it. There are various access control models, including discretionary access control or DAC, mandatory access control or MAC, and role-based access control or RBAC.
What are the three access control models?
Discretionary access control (DAC) is where the resource owner controls who can access a resource and what permissions they have. Mandatory access control (MAC), on the other hand, is based on a predefined set of rules set by the system administrator, restricting access based on security levels or classifications. Role-based access control (RBAC) is another widely used model that assigns permissions to users based on their roles within an organization. This model simplifies access management by grouping users with similar job functions and assigning them the same permissions. RBAC can help a company manage access rights more centrally. Instead of maintaining oversight of each employee, the company can monitor groups. Employee status and access rights are automatically altered with their role in the company.
What is privileged management?
It involves defining and managing privileged accounts with elevated permissions, because if misused, these accounts can compromise a system. Privileged management targets more sensitive resources and data to reduce the risks of unauthorized activities and data breaches.
Least privilege is a policy where companies will only grant an employee the amount of access required to perform a task and no more. Another aspect of least privilege is that once the task is done, the user gives up access to the service or resource, which makes the environment more secure.
What is Role Based Access Control (RBAC)?
It is a model where access rights are assigned based on users’ roles within the organization. RBAC simplifies access management by grouping users with similar job functions. Regular security audits and monitoring access logs can also help organizations identify and address potential security vulnerabilities in their access control systems.
This is augmented through the use of group policies. Instead of assigning permissions to each individual employee, an organization can create groups with clearly defined permissions. Employees added to a specific group then adhere to the group permissions. Groups can also be assigned to projects. The group permissions expire when the project is complete, significantly reducing the overhead for a project manager.