Page 1021 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

A combination of administrative, technical, and physical access controls provides a much stronger defense. Using only administrative, only technical, or only physical controls results in weaknesses that attackers can discover and exploit.


               Summarizing Access Control Models

The following sections describe five access control models that you should understand when studying for the CISSP certification exam. As an introduction, the five access control models are summarized here:

Discretionary Access Control A key characteristic of the Discretionary Access Control (DAC) model is that every object has an owner and the owner can grant or deny access to any other subjects. For example, if you create a file, you are the owner and can grant permissions to any other user to access the file. The New Technology File System (NTFS), used on Microsoft Windows operating systems, uses the DAC model.

Role Based Access Control A key characteristic of the Role Based Access Control (RBAC) model is the use of roles or groups. Instead of assigning permissions directly to users, user accounts are placed in roles and administrators assign privileges to the roles. These roles are typically identified by job functions. If a user account is in a role, the user has all the privileges assigned to the role. Microsoft Windows operating systems implement this model with the use of groups.

Rule-based access control A key characteristic of the rule-based access control model is that it applies global rules that apply to all subjects. As an example, a firewall uses rules that allow or block traffic to all users equally. Rules within the rule-based access control model are sometimes referred to as restrictions or filters.
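The three decision bases just described, side by side in a small reference-monitor model. This is an added example, not code from the study guide; the file, users, roles, and the business-hours rule are constructed for illustration.

```python
from dataclasses import dataclass, field

# --- Discretionary Access Control: every object has an owner who grants access ---
@dataclass
class File:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # user -> permissions granted by the owner

def dac_grant(obj: File, granting_user: str, target_user: str, perm: str) -> bool:
    """Only the object's owner may grant a permission; anyone else is refused."""
    if granting_user != obj.owner:
        return False
    obj.acl.setdefault(target_user, set()).add(perm)
    return True

def dac_allows(obj: File, user: str, perm: str) -> bool:
    """The owner always has access; others have only what the owner granted."""
    return user == obj.owner or perm in obj.acl.get(user, set())

# --- Role Based Access Control: privileges attach to roles, users are placed in roles ---
ROLE_PRIVS = {"backup_operator": {"read"}, "editor": {"read", "write"}}  # constructed
USER_ROLES = {"alice": {"editor"}, "bob": {"backup_operator"}}           # constructed

def rbac_allows(user: str, perm: str) -> bool:
    """No per-user permissions: the user gets exactly the union of its roles' privileges."""
    return any(perm in ROLE_PRIVS.get(role, set()) for role in USER_ROLES.get(user, set()))

# --- Rule-based access control: global rules (filters) applied to every subject alike ---
# Constructed rule set in the style of firewall filters: (action, permission, condition)
GLOBAL_RULES = [
    ("deny", "write", lambda ctx: ctx["hour"] < 8 or ctx["hour"] >= 18),  # no writes after hours
]

def rule_based_blocks(perm: str, ctx: dict) -> bool:
    """Rules never look at who the subject is, only at the request and its context."""
    return any(action == "deny" and p == perm and cond(ctx)
               for action, p, cond in GLOBAL_RULES)

def evaluate(obj: File, user: str, perm: str, ctx: dict) -> dict:
    """Run one request through each model so the differing bases for the decision show."""
    return {
        "rule_based": not rule_based_blocks(perm, ctx),  # same answer for every subject
        "rbac": rbac_allows(user, perm),                 # depends only on the user's roles
        "dac": dac_allows(obj, user, perm),              # depends on what the owner granted
    }
```

Note that the after-hours rule denies a write even to the file's owner, which is exactly the "applies to all subjects" property that distinguishes rule-based control from DAC.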




You may notice some inconsistency in the use of uppercase and lowercase letters for these models. We decided to follow the casing that (ISC)² used in the 2018 CISSP Detailed Content Outline. Rule-based access control is in lowercase and has no acronym. All of the other models have an initial uppercase letter