
In most environments, user profiles that indicate the level of control the user does and does not have
are created and loaded on user workstations. As a security administrator you might configure user profiles
so that users cannot change the system’s time, alter system configuration files, access a command
prompt, or install unapproved applications. This type of access control is referred to as nondiscretionary,
meaning that access decisions are not made at the discretion of the user. Nondiscretionary access
controls are put into place by an authoritative entity (usually a security administrator) with the goal of
protecting the organization’s most critical assets.

Non Discretionary Access Control

Non-DAC access control is when a central authority determines which subjects can have access to which
objects, based on the organizational security policy. Centralized access control is not an existing security
model.

• RBAC – the abbreviation includes Role Based Access Control (RBAC) and Rule Based Access Control
(RBAC or RuBAC).
• RBAC – Role Based Access Control – privileges on resources are mapped to job functions. This prevents
an object from being shared with those not authorized. No conflict of interest and no issues with
separation of duties.
• TBAC – Task based: time, sequence, dependencies.
• ORCON – Originator controlled – the owner controls the lifecycle – used in the military (ORCON2) –
directs readers not to spread the information without the express consent of the originator.
• DRM – Digital rights management. Intellectual content like books, music or movies needs
methods to control who is authorized to access the content. It needs portability features
because users may access it from different platforms, such as a computer or iPad, or operating systems
such as Windows or Linux. DRM relies on cryptographic techniques to preserve the authenticity of, and
access to, protected information.
• UCON – Usage controlled – frequency of access. For example, a video store wants to rent
access to its movies but also wants to limit the frequency of viewing to 3 times. DRM techniques are
measures that attempt to control who can access the content, but they do not control how often.
• Rule-based – when ONE set of rules is applied uniformly to all users. A good example
would be a firewall at the edge of your network: a single rule base is applied against any packets
received from the internet.
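
The video-store case from the UCON item, as an added example that is not part of the original notes: a central monitor that answers both who may view (the DRM-style question) and how often they have already viewed (the usage-control question). The class and function names, the customer `alice` and the title `movie-001` are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_VIEWS = 3  # view limit taken from the video-store example in the text


@dataclass
class Rental:
    """One customer's rental of one title (constructed sample record)."""
    customer: str
    title: str
    views_used: int = 0  # mutable usage attribute, updated on every granted view


@dataclass
class ReferenceMonitor:
    """Central authority (hypothetical): the customer cannot alter its decisions."""
    rentals: dict = field(default_factory=dict)

    def rent(self, customer, title):
        self.rentals[(customer, title)] = Rental(customer, title)

    def who_only_check(self, customer, title):
        """Answers only 'is this customer licensed?', with no usage tracking."""
        return (customer, title) in self.rentals

    def request_view(self, customer, title):
        """Usage-controlled decision: licensed AND still under the view limit.

        The counter is checked and updated inside the monitor, so every
        granted view is counted before the content is released.
        """
        rental = self.rentals.get((customer, title))
        if rental is None:
            return False, "deny: no rental on record"
        if rental.views_used >= MAX_VIEWS:
            return False, f"deny: {MAX_VIEWS} views already used"
        rental.views_used += 1
        return True, f"permit: view {rental.views_used} of {MAX_VIEWS}"


def demo():
    """Rent one title, request four views, then repeat the who-only check."""
    monitor = ReferenceMonitor()
    monitor.rent("alice", "movie-001")
    results = [monitor.request_view("alice", "movie-001") for _ in range(4)]
    return results, monitor.who_only_check("alice", "movie-001")


if __name__ == "__main__":
    decisions, still_licensed = demo()
    print([reason for _, reason in decisions], still_licensed)
```

The fourth request is denied by the usage counter even though the who-only check still passes, which is the gap between the two controls that the UCON item describes.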
