Domain 1 is covered in this Chapter:

The access controls area includes the mechanisms that allow a system manager to specify what users and processes can do, which resources they can access, and what operations they can perform.

Introduction

When looking at the domains of the SSCP exam, the first subject listed is access controls. The heart and soul of information security is controlling access to objects. All other security measures and techniques are pointless if the objects they are protecting have no access controls. This is the foundation upon which all other security-related subjects are based.

So what is access control? Access control encompasses the security controls, processes, or procedures whereby access to specific objects is either granted or denied based on pre-established policies or rules. Access control is made up of many different parts, but at its roots is a very simple concept: Allow objects to be accessed (limiting the manner in which they are accessed) by authorized users, while denying access to unauthorized users.

To understand access control, it is best to first break it down into individual parts. First, there are the objects that need to be accessed. These objects are referred to as access control objects because they are objects that need to have controlled access. Objects consist not only of data, but also hardware devices, data networks, and buildings. When working with information security, almost anything can be considered an access control object.

Another part of access control are access control subjects