Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

12. Access Control Models

Introduction

  • An access control model is a framework that dictates how subjects access objects.
  • It uses access control technologies and security mechanisms to enforce the rules and objectives of the model.
  • There are three main types of access control models:
    • Discretionary,
    • Mandatory, and
    • Nondiscretionary (also called role-based).