The IT Security team of a financial institution is implementing a new system that should ensure that access permissions to sensitive financial records align strictly with employee job functions. Compliance requirements dictate that every access permission must be auditable and cannot be based on individual discretion. Which authorization model best suits the security and compliance requirements of this scenario?
The Role-Based Access Control (RBAC) model is designed to restrict system access to authorized users. It best fits scenarios in which access to resources is assigned according to roles within an organization, which makes permissions easier to manage and audit. Attribute-Based Access Control (ABAC) and Discretionary Access Control (DAC) are less suited to this scenario. ABAC can be highly dynamic, which makes it complex to audit, while DAC allows the owners of resources to specify access themselves, which does not meet the non-discretionary requirement of the scenario. The Security Support Provider Interface (SSPI) is a Microsoft API used for security-related functions and is not an access control model.