Additional Access Control Objectives

B.

Availability assures that a system's authorized users have timely and uninterrupted access to the information in the system.

The additional access control objectives are reliability and utility.

These and other related objectives flow from the organizational security policy.

This policy is a high-level statement of management intent regarding the control of access to information and the personnel who are authorized to receive that information.

Three things that must be considered for the planning and implementation of access control mechanisms are the threats to the system, the system's vulnerability to these threats, and the risk that the threat may materialize Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.

Access control objectives are security requirements that define the goals and purposes of an access control system. They help to ensure that only authorized users can access the system, while also protecting the system from unauthorized access and misuse.

The four traditional access control objectives are confidentiality, integrity, availability, and accountability. However, there are other access control objectives that may be considered, depending on the specific needs of the system.

Out of the options given, A. Consistency and utility, and B. Reliability and utility are additional access control objectives. C. Usefulness and utility, and D. Convenience and utility are not typically considered access control objectives.

Consistency refers to the need for access control policies and procedures to be applied uniformly across the system. This ensures that all users are subject to the same rules and restrictions, which can help to prevent errors and inconsistencies that could compromise security.

Reliability refers to the need for access control mechanisms to function correctly and consistently over time. This ensures that users can rely on the system to work as intended, which is critical for maintaining security.

Utility refers to the need for access control mechanisms to be useful and effective for their intended purpose. This includes factors such as ease of use, scalability, and compatibility with other systems.

In summary, while confidentiality, integrity, availability, and accountability are the traditional access control objectives, consistency and reliability are also important for ensuring the effectiveness of an access control system. Utility is also a key consideration for ensuring that the system is useful and effective for its intended purpose.