Plain-language meaning
Access control is the set of rules and mechanisms used to decide who can access information and systems, what they can do, and how that access is approved, changed, reviewed, and removed.
For ISO/IEC 27001 study, link this concept back to A.5.15 Access Control. That control note explains the access control policy and rules. Related lifecycle controls include A.5.16 Identity Management, A.5.17 Authentication Information, and A.5.18 Access Rights.
Practical use
Use this concept when reviewing least privilege, role-based access, privileged access, joiner-mover-leaver processes, authentication rules, and periodic access reviews.
Exam cue
Access control is the broad governance topic. Identity management handles identities, authentication information handles credentials, and access rights handles provisioning, review, modification, and removal of permissions.
Related notes
- Iso27001
- Isms
- Fundamentals
- Access control
Note Metadata
Aliases: Logical Access Control
Source: 01 Fundamentals/Access Control.md