Chapter 4. Access Control

This chapter presents the following:

• Identification methods and technologies

• Authentication methods, models, and technologies

• Discretionary, mandatory, and nondiscretionary models

• Accountability, monitoring, and auditing practices

• Emanation security and technologies

• Intrusion detection systems

• Possible threats to access control practices and technologies

A cornerstone in the foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.