11 Logical Access Controls
This chapter covers
- Access control models: DAC, MAC, and RBAC
- Identity management technologies
- The monitoring of logical access
In the previous chapter, we explored how administrative controls guide and regulate human behavior and how physical access controls use tangible barriers to restrict access to areas or assets. However, these measures alone are insufficient for protecting digital environments. This brings us to logical access controls, which use software-based mechanisms to authenticate users, authorize actions, and protect systems and data.
Logical controls add another layer of defense. Even if someone gains physical access to a device, these controls can prevent unauthorized use. For instance, accessing a computer’s data requires physical possession of the device and valid login credentials. Logical controls also help enforce administrative policies by defining when and how users can access systems. For example, they can limit logins to specific roles, locations, or times of day.
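The following sketch shows how a logical control could combine the three restrictions just mentioned (role, location, and time of day) into one default-deny login check. It is an added example, not a listing from this chapter; the role names, address ranges, and function names are constructed for illustration, source networks stand in for "locations", and it assumes the user's credentials have already been verified and that times are the system's local time.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class LoginRule:
    role: str        # role the rule applies to
    networks: tuple  # CIDR ranges standing in for permitted locations
    start: time      # window opens
    end: time        # window closes; earlier than start means overnight

# Constructed sample policy; roles and address ranges are illustrative only.
POLICY = (
    LoginRule("clerk", ("10.20.0.0/16",), time(8, 0), time(18, 0)),
    LoginRule("night-operator", ("10.30.5.0/24",), time(22, 0), time(6, 0)),
)

def in_window(now: time, start: time, end: time) -> bool:
    """True if now is in [start, end), including windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def login_allowed(role: str, source_ip: str, when: datetime, policy=POLICY) -> bool:
    """Default deny: allow only if one rule matches role, location, and time."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False  # an unparseable source address is treated as untrusted
    for rule in policy:
        if rule.role != role:
            continue
        if not any(addr in ip_network(net) for net in rule.networks):
            continue
        if in_window(when.time(), rule.start, rule.end):
            return True
    return False  # no rule matched, including roles the policy does not list
```

A role that the policy does not list is denied, and the overnight rule shows why a time check cannot simply compare `start <= now < end`.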
During a typical workday, users navigate multiple systems, applications, and data sources. Requiring a separate login for each would be inefficient and disruptive. To streamline this process, organizations implement identity and access management (IAM) solutions, such as single sign-on (SSO) and federated identity management (FIM) systems, that centralize authentication while maintaining security.