CISSP For Dummies

The Access Control domain encompasses the set of mechanisms employed to restrict or direct the behavior, use, and content of an information system. It defines a user’s rights on a system, including what a user can do and what resources are available to a user.

This domain is covered in Chapter 4. Major topics include

• Accountability

• Access control techniques

• Access control administration

• Access control models

• Identification and authentication techniques

• Access control methodologies and implementation

• File and data ownership

• Methods of attack

• Monitoring

• Penetration and vulnerability testing