During ISSA 2017, Ulrich Lang, CEO/Founder ObjectSecurity will present: Make Access Control Great Again!
Infrastructure Access control means many things to many people. The least common denominator is user logins and roles. However, there is a lot (!) more to access control than that. Unfortunately access control is among the most ill understood, least developed aspects of Cybersecurity. At the same time controlling access to IT resources it is the core underpinning of cybersecurity.
Over the years both scientists and marketeers came up with a myriad of concepts, acronyms and terms to describe different kinds of aspects of access control. Acronyms incl. MAC vs DAC, IBAC/AuthNBAC, RBAC, ABAC, PBAC, ZBAC/AuthZBAC, NAC/AppAC/OSAC/VMAC, HistBAC, NGAC, RAdAC, HBAC, CBAC, GraphBAC, BPMBAC, and many more. In addition, terms such as entitlement management, authorization management, micro segmentation, nano segmentation, VLANs, isolation, separation, adaptive/ dynamic authorization etc. are used by vendors to describe their products.