CISSP Crash Course - Implement and Manage Authorization

Access is determined by environmental factors.

Access is controlled by the owner or data custodian.

Access is based on the user's role in the organization.

Access is managed by the system administrator.

Access is the same for all employees.

Access is based on the employee's role, such as doctor or nurse.

Access is determined by the time of day.

Access is controlled by the patient's condition.

It is managed by the data custodian.

It is less fine-grained than role-based access control.

It uses classification labels for access.

It uses specific rules and filters to determine access.

By using discretionary permissions.

By using classification labels and security domains.

By using environmental factors.

By using roles and responsibilities.

The user's role in the organization.

The ownership of the data.

The environmental context, such as location and time.

The classification label of the data.