2 cissp ® Official Study Guide Eighth Edition


Summarizing Access Control Models



Download 19,3 Mb.
Pdf ko'rish
bet590/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   586   587   588   589   590   591   592   593   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Summarizing Access Control Models 
The following sections describe fi ve access control models that you should understand when 
studying for the CISSP certifi cation exam. As an introduction, the fi ve access control mod-
els are summarized here: 
Discretionary Access Control
A key characteristic of the Discretionary Access Control 
(DAC) model is that every object has an owner and the owner can grant or deny access 
to any other subjects. For example, if you create a fi le, you are the owner and can grant 
permissions to any other user to access the fi le. The New Technology File System (NTFS), 
used on Microsoft Windows operating systems, uses the DAC model. 
Role Based Access Control
A key characteristic of the Role Based Access Control (RBAC) 
model is the use of roles or groups. Instead of assigning permissions directly to users, user 
accounts are placed in roles and administrators assign privileges to the roles. These roles 
are typically identifi ed by job functions. If a user account is in a role, the user has all the 
privileges assigned to the role. Microsoft Windows operating systems implement this model 
with the use of groups. 
Rule-based access control
A key characteristic of the rule-based access control model is 
that it applies global rules that apply to all subjects. As an example, a fi rewall uses rules 
that allow or block traffi c to all users equally. Rules within the rule-based access control 
model are sometimes referred to as
restrictions
or
fi lters

You may notice some inconsistency in the use of uppercase and lowercase 
letters for these models. We decided to follow the casing that (ISC) 
2
used 
in the 2018 CISSP Detailed Content Outline. Rule-based access control is 
in lowercase and has no acronym. All of the other models have an initial 
uppercase letter and have an acronym. As an example, Role Based Access 
Control (RBAC) has the first letter in each word as uppercase and is abbre-
viated with the RBAC acronym.

Comparing Access Control Models 

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   586   587   588   589   590   591   592   593   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish