What is authorization and what are the techniques to enforce authorization in information security?
Authorization is the process of deciding whether a subject may access an object, based on access control lists (ACLs) and security policies. Before a subject can access an object, it must be identified, authenticated and authorized. In other words, it is the process of granting a subject permission to access a specific object once its identity has been verified. However, even an authorized subject should still hold the appropriate security clearance and need-to-know for the resource, and be granted only the least privilege it requires.
Some methods to ensure authorization include the following:
- Access control systems (role based access control (RBAC), attribute based access control (ABAC), mandatory access control (MAC), discretionary access control (DAC), rule based access control (RuBAC))
- Identity and access management (IAM)
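The answer above lists several access control models but does not show how they combine in a single authorization decision. The following is an added example, not code from the original page or from any real product: a small deny-by-default authorization engine in which a MAC-style clearance and need-to-know gate is evaluated first, and only then does an RBAC role rule or a DAC-style ACL entry (owner or explicit grant) decide the action. All users, roles, labels and objects are constructed sample data.

```python
"""Added example: deny-by-default authorization combining MAC, RBAC and DAC checks.
Every subject, object, role and label below is constructed sample data."""
from dataclasses import dataclass, field

# Ordered sensitivity labels used for the MAC-style clearance check (constructed).
CLEARANCE_LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# RBAC: role -> set of actions the role is permitted to perform (constructed).
ROLE_PERMISSIONS = {
    "reader": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset          # RBAC roles held by the subject
    clearance: str            # MAC clearance level
    compartments: frozenset   # need-to-know compartments the subject is read into


@dataclass
class Obj:
    name: str
    owner: str                # DAC: the owner always has full control
    label: str                # MAC sensitivity label
    compartments: frozenset   # compartments a subject must be read into
    acl: dict = field(default_factory=dict)  # DAC: subject name -> set of actions


def mac_allows(subject: Subject, obj: Obj) -> bool:
    """Clearance must dominate the label, and need-to-know must cover every compartment."""
    return (CLEARANCE_LEVELS[subject.clearance] >= CLEARANCE_LEVELS[obj.label]
            and obj.compartments <= subject.compartments)


def rbac_allows(subject: Subject, action: str) -> bool:
    """True if any of the subject's roles grants the action."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)


def dac_allows(subject: Subject, obj: Obj, action: str) -> bool:
    """True if the subject owns the object or the object's ACL grants the action."""
    if subject.name == obj.owner:
        return True
    return action in obj.acl.get(subject.name, set())


def authorize(subject: Subject, obj: Obj, action: str):
    """Deny by default. Returns (allowed, reason) so the decision can be logged for audit.

    MAC is a gate: a role or ACL grant never overrides a missing clearance or need-to-know.
    """
    if not mac_allows(subject, obj):
        return (False, "mac")
    if rbac_allows(subject, action):
        return (True, "rbac")
    if dac_allows(subject, obj, action):
        return (True, "dac")
    return (False, "no-grant")


# Constructed sample subjects and object.
ALICE = Subject("alice", frozenset({"editor"}), "confidential", frozenset({"finance"}))
BOB = Subject("bob", frozenset({"reader"}), "internal", frozenset())
CAROL = Subject("carol", frozenset(), "secret", frozenset({"finance"}))
REPORT = Obj("q3-report", owner="carol", label="confidential",
             compartments=frozenset({"finance"}), acl={"bob": {"read"}})

if __name__ == "__main__":
    for subj, action in [(ALICE, "write"), (ALICE, "delete"), (BOB, "read"), (CAROL, "delete")]:
        allowed, reason = authorize(subj, REPORT, action)
        print(f"{subj.name:6} {action:6} -> {'ALLOW' if allowed else 'DENY '} ({reason})")
```

Note that `bob` is explicitly granted `read` in the ACL yet is still denied, because his `internal` clearance does not dominate the object's `confidential` label and he is not read into the `finance` compartment; that is the point the answer makes about clearance and need-to-know applying even to subjects who are otherwise authorized.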