Non-Discretionary Access Control. A central authority determines what subjects can have access
to certain objects based on the organizational security policy. The access controls may be based
on?

A.
The societies role in the organization.

B.
The individual’s role in the organization.

C.
The group-dynamics as they relate to the individual’s role in the organization.

D.
The group-dynamics as they relate to the master-slave role in the organization.

Explanation:
An access control model defines a computer and/or network system’s rules for user
access to information resources. Access control models provide confidentiality, integrity and also
provide accountability through audit trails. An audit trail documents the access of an object by a
subject with a record of what operations were performed. Operations include: read, write, execute
and own.
Non-Discretionary Access Control is usually role-based, centrally administered with authorization
decisions based on the roles individuals have within an organization (e.g. bank teller, loan officer,
etc. in a banking model). A system’s security administrator grants and/or revokes system
privileges based on a user’s role. This model works well for corporations with a large turnover of

personnel.