A healthcare organization wants to implement an access control system that can make decisions based on the patient's relationship to the healthcare provider, time of day, location of access attempt, and sensitivity of the medical records. Which access control model would BEST meet these requirements?
Attribute-based Access Control (ABAC) is the correct answer because it evaluates access requests based on attributes of subjects (users), objects (resources), actions, and environmental conditions. In this healthcare scenario, ABAC can use multiple attributes like the relationship between provider and patient, time of access, location, and data sensitivity level to make dynamic access decisions.
Role-based Access Control (RBAC) would be insufficient as it primarily makes access decisions based on pre-defined roles and doesn't easily accommodate environmental conditions like time and location. Discretionary Access Control (DAC) relies on the resource owner to grant access rights and lacks the fine-grained control needed for multiple attributes. Mandatory Access Control (MAC) uses security labels and clearance levels in a rigid hierarchy, which doesn't allow for the contextual, relationship-based decisions required in this healthcare scenario.
ISC2 CISSP
Identity and Access Management (IAM)