CISSP Essentials

CISSP Essentials training: Domain 2, Access Control

In this all-new CISSP Essentials Security School lesson featuring a two-part video tutorial, learn about the CBK section covering access control.

Access controls enable the protection of security assets by restricting access to systems and data by users, applications and other systems. It's not glamorous, but without a doubt, the tenets of sound access control are the cornerstone of any enterprise information security program.

In this CISSP Essentials Security School lesson, Domain 2, Access Control, expert CISSP exam trainer Shon Harris details why access controls are essential in regulating how users and systems interact with resources.

In addition to this introductory page, this lesson features an in-depth domain spotlight article, two all-new full-length video tutorials, and a 15-question quiz with sample exam questions that model the new, interactive nature of the CISSP exam. 


SearchSecurity's CISSP Essentials series of CISSP certification training lessons offers a comprehensive introduction to not only the CISSP exam, but also the knowledge needed to succeed in the information security profession. Each lesson, which contains a spotlight article, one or more video lectures and a practice quiz, corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know.

Domain 2 spotlight article

Familiarize yourself with the access control domain with this Domain 2 spotlight article, which begins with the fundamental principles of access control including the concepts of "subjects" and "objects," and the controls and rules that are put into place to govern how they interact. Expert Shon Harris also covers access control models and technologies, identity management, federated identity and threats to access control systems.

Domain 2 training video: Authentication technologies, federated identities

In the first of two all-new video tutorials on access control, our Domain 2 training video on authentication technologies and federated identities lays out the four steps of authentication -- identification, accountability, authentication and authorization -- as well as various authentication characteristics, the importance of two-factor authentication and why it's critical to understand the difference between user access and device access.

Domain 2 training video: Access control models, administration, IPS/IDS

In our follow-up Domain 2 training video on access control models, administration and IPS/IDS, Harris discusses not only what authentication is, but also how access control functions within an operating system. Then get a deep dive on the interaction between subjects and objects, which delves into discretionary, mandatory and role-based access control. Finally, Harris reviews different methods of access control administration and various authentication protocols, and offers a brief introduction to intrusion detection and prevention.

Domain 2 quiz: Access control models and components

Finally, after reading the spotlight article and watching the two training videos, test your comprehension of the material with our Domain 2 quiz on access control models and components. The 15-question interactive quiz uses a variety of multimedia components to mimic the interactive nature of the new CISSP exam.

About the instructor:
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored several international best-selling books on information security published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks for various publishers and articles for trade magazines.

Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris was recognized as one of the top 25 women in the information security field by Information Security magazine.

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as (ISC)2.


Next Steps

NEXT: After completing this lesson, proceed to Domain 3: Cryptography.

RETURN to SearchSecurity's CISSP Essentials Security School main page.

This was first published in September 2014
