Module 03: Access Control Concepts (Domain 3)
📅 Date Started: 2026-04-24
📅 Date Completed: 2026-04-24
🎯 What I Learned:
- Physical Access Controls: Badge systems, biometrics, CCTV, security guards, and environmental design
- Logical Access Controls: Authentication, authorization, and accounting (AAA) frameworks
- Access Control Models: DAC, MAC, RBAC, and the principle of least privilege
- Segregation of Duties: Preventing conflicts of interest and reducing insider threat risk
💡 Key Takeaways:
- Access must be granted based on need-to-know and role requirements—not convenience
- Physical and logical controls work together to create defense-in-depth
- Regular access reviews prevent privilege creep and reduce attack surface
🔗 Links/Resources:
- ISC2 CC Access Controls Domain (https://www.isc2.org/certifications/cc/cc-certification-exam-outline)
- NIST SP 800-41: Guidelines on Firewalls and Firewall Policy (https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final)
📸 Screenshot:
Domain 3 completion badge