ISC Exam Questions

The access controls may be based on?

Non-Discretionary Access Control. A central authority determines what subjects can have access to
certain objects based on the organizational security policy. The access controls may be based on?

A. The society's role in the organization.

B. The individual's role in the organization.

C. The group dynamics as they relate to the individual's role in the organization.

D. The group dynamics as they relate to the master-slave role in the organization.

Explanation:
An access control model defines a computer and/or network system's rules for user access to
information resources. Access control models provide confidentiality and integrity, and also provide
accountability through audit trails. An audit trail documents the access of an object by a subject,
with a record of what operations were performed. Operations include: read, write, execute and own.

Non-Discretionary Access Control is usually role-based and centrally administered, with authorization
decisions based on the roles individuals have within an organization (e.g. bank teller, loan officer,
etc. in a banking model). A system's security administrator grants and/or revokes system privileges
based on a user's role. This model works well for corporations with a large turnover of personnel.