Video Description

In previous sections we covered the various types of access control models. In this one, we discuss the main types of access control methods.

The first method, which has been touched on in previous sections, is rule-based access control. It consists of technologies that control what a subject can do to an object, using specific rules and the logic derived from them to determine what actions users can take. The various levels of firewalls are examples of this in action.

We next discuss constrained user interfaces and the concepts around them. The goal is to keep users out of the interior (secure) portion of the system, and this is enforced by front-end interfaces. An example is the console of an ATM, which prevents customers from accessing maintenance mode.

The next access control method we look at is content-dependent access control. This method determines access based on the type of data being considered. Email filters set to look for security triggers such as SSNs are an example.

Finally, we discuss context-dependent access control. This method focuses not on what is requested, but on how access is requested. Accounting department employees may access all accounting-related files, but restrictions on where the request comes from (remotely) and when (after 7pm) might be enforced.
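The content-dependent and context-dependent checks described above, sketched as an added example that is not part of the course material. The SSN pattern, the `Request` fields and the choice to deny remote and after-7pm requests outright are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import time
from typing import Tuple

# Assumed format: US SSNs written as NNN-NN-NNNN.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CUTOFF = time(19, 0)  # the "after 7pm" restriction from the text


@dataclass
class Request:
    """Hypothetical access request; field names are illustrative."""
    department: str    # subject attribute, e.g. "accounting"
    resource_tag: str  # object attribute, e.g. "accounting"
    remote: bool       # where the request comes from
    at: time           # when the request is made


def content_allows(message: str) -> bool:
    """Content-dependent: the decision depends on the data itself.
    An outbound mail filter blocks any message containing an SSN."""
    return SSN_RE.search(message) is None


def context_allows(req: Request) -> Tuple[bool, str]:
    """Context-dependent: the same subject and object can get different
    answers depending on how the request arrives."""
    if req.department != req.resource_tag:
        return False, "department does not match resource"
    if req.remote:
        return False, "remote access not permitted"
    if req.at > CUTOFF:
        return False, "outside permitted hours"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(content_allows("Q3 invoice attached"))
    print(content_allows("Employee SSN: 123-45-6789"))
    print(context_allows(Request("accounting", "accounting", False, time(14, 0))))
    print(context_allows(Request("accounting", "accounting", True, time(14, 0))))
    print(context_allows(Request("accounting", "accounting", False, time(19, 30))))
```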

Course Modules

ISC2 CISSP