What role does access control play in information security?

• A. Facilitates open access to all data for users
• B. Determines who can view or use resources
• C. Provides unlimited access to guest users
• D. Restricts access to only system administrators

Answer: (B)

Access control is fundamental to information security as it defines and manages user permissions related to data and system resources. It involves authenticating users to verify their identity and authorizing them to determine what information they are permitted to access or manipulate. By implementing access control mechanisms, organizations can restrict or grant access based on the principle of least privilege, meaning users receive only the minimum levels of access necessary to perform their jobs.

This ensures sensitive information is protected from unauthorized access, significantly reducing the risk of data breaches and misuse. Effective access control is vital for safeguarding confidentiality, integrity, and availability of data, which are the cornerstones of information security practices.