06 August 2019

Information Security: Access Control Model (Definitions)

"A list of credentials attached to a resource that indicates who has authorized access to that resource." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"In Windows-based systems, a list of access control entries (ACE) that apply to an entire object, a set of the object's properties, or an individual property of an object, and that define the access granted to one or more security principals." (Microsoft, SQL Server 2012 Glossary, 2012)

"An electronic list that specifies who can do what with an object. For example, an ACL on a file specifies who can read, write, execute, delete, and otherwise manipulate the file." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition" 2nd Ed., 2013)

"A list of permissions attached to specified objects." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Lists of permissions that define which users or groups can access an object." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed, 2015)

"In systems such as electronic records management, electronic document and records management systems, or document management systems, a list of individuals authorized to access, view, amend, transfer, or delete documents, records, or files. Access rights are enforced through software controls." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"A data structure that enumerates the access rights for all active entities (e.g., users) within a system." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed, 2018)
