From the course: CISA Cert Prep: 5 Information Asset Protection for IS Auditors

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Access control models

Access control models

From the course: CISA Cert Prep: 5 Information Asset Protection for IS Auditors

Start my 1-month free trial

Access control models

- [Instructor] Alright, let's talk about access controls. So some important terms to know about when we talk about access controls are subjects, objects, and access. Well, a subject is the thing that does the accessing. It's the user that's interacting with the system. It's anything that can access something else, and the something else that we access is the object. The object is the passive entity that is accessed by subject. So, users are subjects, objects are things like files, or print services, or other services, maybe even a process you might consider an object in a way. And then access is the sort of level of interactivity that a subject is given to that object. It's the what you can do with that object like read, modify, delete, et cetera. And typically, information flows from subject to object and then from object to subject, or vice versa, right? We have information flowing between the two usually. So an access control model, that's what this section's really all about, is…

Contents