A systems administrator is configuring a system that uses data classification labels.
Which of the following will the administrator need to implement to enforce access control?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
To enforce access control based on data classification labels, the systems administrator needs to implement a type of access control that can enforce rules based on those labels.
There are several types of access control mechanisms, including:
Discretionary access control (DAC): In DAC, the owner of a resource determines who can access it and what level of access they have. The owner has complete control over the access control decisions, and can grant or revoke access as needed. However, this type of access control does not take into account the sensitivity of the data being accessed.
Mandatory access control (MAC): In MAC, the system administrator sets security labels on resources and subjects (users, processes, etc.) based on their security clearance level. The system then enforces access control based on these labels. This type of access control is commonly used in military and government environments.
Role-based access control (RBAC): In RBAC, access control is based on a user's role within the organization. Users are assigned roles, and each role is associated with a set of permissions. Access is granted based on the user's role, rather than their individual identity. This type of access control is commonly used in large organizations.
Rule-based access control (RBAC): In RBAC, access control is based on a set of rules defined by the system administrator. These rules can take into account a variety of factors, including data classification labels, time of day, location, and user identity. This type of access control is highly customizable and can be tailored to meet the specific needs of an organization.
In this case, the best option for the systems administrator to enforce access control based on data classification labels would be Mandatory Access Control (MAC). This is because MAC takes into account the sensitivity of the data being accessed and can enforce access control based on security labels. However, Role-based Access Control (RBAC) and Rule-based Access Control (RBAC) may also be used to enforce access control based on data classification labels, depending on the specific needs of the organization.