What Access Control Does Not Permit Managers to Do
Question
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.
It does not permit management to:
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.
It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.
Specifying HOW to restrain hackers is not directly linked to access control.
Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 12.
Access control refers to the process of managing access to resources or services within a system. The primary objective of access control is to ensure that only authorized individuals or entities are allowed to access the resources they require, while preventing unauthorized access or use of the system.
The mechanisms that are used for access control include authentication, authorization, and auditing. Authentication refers to the process of verifying the identity of an individual or entity seeking access to a resource or system. Authorization involves determining the level of access that an authenticated user should have, based on their role or privileges within the system. Auditing involves tracking and recording access to resources to ensure that they are being used in accordance with organizational policies and procedures.
Access control allows managers of a system to exercise control over the behavior, use, and content of a system. This includes the ability to specify what users can do, which resources they can access, and what operations they can perform on a system. For example, an administrator may be able to specify that only certain users can access certain files, or that certain users have read-only access to specific directories.
However, access control does not provide managers with the ability to specify how to restrain hackers. While access control measures can help prevent unauthorized access to a system, they cannot guarantee that the system will not be breached. To help prevent hacking attempts, managers may need to implement additional security measures, such as intrusion detection systems, firewalls, and security awareness training for employees.
