UnixTime

Research Note

Access Control

Access control is the set of rules and mechanisms used to decide who can access information and systems, what they can do, and how that access is approved, changed, reviewed, an...

On this page

Plain-language meaning

Access control is the set of rules and mechanisms used to decide who can access information and systems, what they can do, and how that access is approved, changed, reviewed, and removed.

For ISO/IEC 27001 study, link this concept back to A.5.15 Access Control. That control note explains the access control policy and rules. Related lifecycle controls include A.5.16 Identity Management, A.5.17 Authentication Information, and A.5.18 Access Rights.

Practical use

Use this concept when reviewing least privilege, role-based access, privileged access, joiner-mover-leaver processes, authentication rules, and periodic access reviews.

Exam cue

Access control is the broad governance topic. Identity management handles identities, authentication information handles credentials, and access rights handles provisioning, review, modification, and removal of permissions.

  • Iso27001
  • Isms
  • Fundamentals
  • Access control

Note Metadata

Aliases: Logical Access Control

Source: 01 Fundamentals/Access Control.md