ity, when Joe takes the data from that machine and copies it to his laptop to
work on when traveling on the airplane, that data has most likely become
compromised unless Joe’s laptop, too, has been reviewed, inspected, and
cleared for processing of that particular level of data sensitivity. If his
machine has not been cleared, there is no assurance that the data has NOT
been compromised. The policies in place at Joe’s organization must be
known to Joe in order to be effective, and they must be enforced in order to
remain effective.
Access Control Criteria
When implementing security access controls, five common criteria are used
to determine whether access is to be granted or denied: location, identity,
time, transaction, and role (LITTR). Location refers to the physical or logical
place where the user attempts access. Identity refers to the process that is
used to uniquely identify an individual or program in a system. Time
parameters can be control factors that are used to control resource use (for
example, contractors are not allowed access to system resources after 8:00
P.M. Monday through Friday, and not at all on weekends). Transaction criteria
are program checks that can be performed to protect information from
unauthorized use, such as validating whether or not a database query
against Payroll records that is coming from a user identified as belonging to
the HR department is valid. Finally, a Role defines which computer-related
functions can be performed by a properly identified user with an exclusive
set of privileges specific to that role. All of these criteria are implemented in
varying degrees across the depth and breadth of a security plan. The policies
and procedures used by an organization to make the plan effective determine
the interplay among these criteria.
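The five LITTR criteria above, combined into one default-deny decision function. This is an added example, not code from the original text: the network range, the department and role tables, and all names are constructed assumptions, while the contractor time rule and the HR/Payroll transaction check follow the examples given in the paragraph.

```python
from dataclasses import dataclass
from datetime import datetime, time
import ipaddress

# Constructed policy data for illustration (assumptions, not from the text).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]       # location
DEPT_RESOURCES = {"HR": {"payroll"}, "ENG": {"wiki"}}           # transaction
ROLE_PRIVILEGES = {"hr_analyst": {"payroll:read"},              # role
                   "eng_contractor": {"wiki:read"}}
CONTRACTOR_CUTOFF = time(20, 0)                                 # 8:00 P.M.

@dataclass
class Request:
    user: str            # authenticated identity; "" if none was established
    department: str
    role: str
    is_contractor: bool
    source_ip: str
    when: datetime
    action: str          # "resource:operation", e.g. "payroll:read"

def decide(req: Request) -> tuple:
    """Return (granted, criterion). Default deny: all five checks must pass."""
    if not req.user:                                            # Identity
        return False, "identity"
    try:                                                        # Location
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False, "location"
    if not any(ip in net for net in ALLOWED_NETWORKS):
        return False, "location"
    # Time: contractors are barred after 8:00 P.M. Mon-Fri and all weekend.
    if req.is_contractor and (req.when.weekday() >= 5
                              or req.when.time() > CONTRACTOR_CUTOFF):
        return False, "time"
    # Transaction: the target resource must be valid for the department.
    resource = req.action.split(":", 1)[0]
    if resource not in DEPT_RESOURCES.get(req.department, set()):
        return False, "transaction"
    # Role: the exact action must be in the role's privilege set.
    if req.action not in ROLE_PRIVILEGES.get(req.role, set()):
        return False, "role"
    return True, "granted"
```

The second element of the result names the first criterion that failed, which is the value worth writing to an audit log alongside the request.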
Access Control Models
When an organization begins to implement access control procedures, there
are three basic models from which an administrator can choose.
These three models are (1) Mandatory, (2) Discretionary, and (3)
Nondiscretionary. Each has its particular strengths and weaknesses, and the
implementer must decide which model is most appropriate for his or her
given environment or situation. It is important to point out that most operating,
network, and application systems security software in use today provides
administrators with the capability to perform data categorization,
discretionary access control, identity-based access control, user-discretionary
access control, and non-discretionary access control. This section will