An organization has decided to implement a policy-driven access control system to manage access to its resources. Access to resources differs greatly team by team. The IT security team wants to ensure compliance with company policies regarding data protection and user access. During a meeting, the discussion turns to how best to enforce these policies so that only authorized employees can access sensitive financial records. Which of the following access control models would best fit this scenario?
Role-Based Access Control (RBAC)
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Attribute-Based Access Control (ABAC)
|General Security Concepts
|Threats, Vulnerabilities, and Mitigations
|Security Program Management and Oversight