Discretionary Access Controls, also known as DAC, are types of cybersecurity measures that allow or restrict access based upon the discretion of the employee as opposed to the file or resource owner. For example, if Bob has administrative rights to his computer, he can install any software he wants at his own discretion. Likewise, if a file folder labeled Human Resources is world-readable on the file server, then employees could access these restricted files at their discretion (possibly risking termination by doing so). In both cases, it is at the discretion of the employee whether a file is installed or accessed.
In contrast to DAC, mandatory access controls (or MAC) establish technical restrictions that prevent employees from installing software on their computers by removing administrative rights from each end user. They prevent access to HR files by setting restrictive permissions on the directories in which those files are stored, limiting access to HR employees only. MAC prevents actions from occurring even when an employee attempts them. DAC allows employee actions to occur even when a governance policy states such activities are not allowed.
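The world-readable Human Resources folder described above can be found with a permissions audit and closed by removing access for everyone outside the owning group. The script below is an added example, not CyberHoot's own code; the directory names and the optional group argument are assumptions, and the sample tree is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example; paths and the optional group name are hypothetical.

# Print every file or directory under $1 that grants read, write or
# execute to "other" (any account on the server).
audit_world_access() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Count the findings so the check can gate a scheduled job.
count_world_access() {
    audit_world_access "$1" | wc -l | tr -d ' '
}

# Enforce the restriction: optionally hand the tree to a group ($2),
# then drop all "other" bits so only owner and group keep access.
lock_down() {
    if [ -n "${2:-}" ]; then
        chgrp -R "$2" "$1" || return 1
    fi
    chmod -R o-rwx "$1"
}

# Constructed sample tree standing in for the file server share.
make_sample_share() {
    share=$(mktemp -d) || return 1
    mkdir -p "$share/HumanResources/reviews"
    echo "constructed sample" > "$share/HumanResources/salaries.csv"
    echo "constructed sample" > "$share/HumanResources/reviews/2024.txt"
    chmod 755 "$share" "$share/HumanResources" "$share/HumanResources/reviews"
    chmod 644 "$share/HumanResources/salaries.csv"
    chmod 640 "$share/HumanResources/reviews/2024.txt"
    echo "$share"
}

demo_share=$(make_sample_share)
echo "Before: $(count_world_access "$demo_share/HumanResources") world-accessible entries"
audit_world_access "$demo_share/HumanResources"
lock_down "$demo_share/HumanResources"
echo "After:  $(count_world_access "$demo_share/HumanResources") world-accessible entries"
rm -rf "$demo_share"
```

On a real share, pass the HR group name as the second argument to `lock_down` so that group members keep access after the "other" bits are removed.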
What Does This Mean For My SMB?
Setting up Discretionary Access Controls (DACs) is something that every single business should adopt. CyberHoot recommends that MSPs and SMBs establish governance policies to guide employee behaviors and decision-making when MAC controls are not possible. This would include the following:
CyberHoot also recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
Related Term: Mandatory Access Controls (MAC)
Source: Techopedia