Infosec glossary entry

ABAC

ABAC :
Attribute-Based Access Control

Attribute-Based Access Control (ABAC) is a security model that grants or denies access to resources based on the attributes of users, the environment, and the resources themselves. In contrast to traditional access control methods, such as Role-Based Access Control (RBAC), which rely on predefined roles, ABAC allows for more granular access decisions by evaluating dynamic attributes. These attributes can include user characteristics (such as job title, department, or security clearance), environmental conditions (like time of access or location), and resource attributes (for instance, the sensitivity of the data).

The flexibility of ABAC makes it particularly useful in complex environments where access needs may vary significantly. For example, an employee may have access to certain sensitive data only during business hours, or only if they are accessing it from a secure network. This model enhances security by ensuring that access rights can adapt to specific situations and policies, reducing the risk of unauthorized access and improving compliance with regulatory requirements. By implementing ABAC, organizations can better manage who has access to what, based on a wide range of factors rather than relying solely on static roles.

[...] is an authorization model that evaluates attributes (or characteristics), rather than roles, to determine access. The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorized users and actions—those that don’t have “approved” characteristics as defined by an organization’s security policies. https://www.okta.com/blog/2020/09/attribute-based-access-control-abac/

By jean-christoph

April 11, 2023

access control
Leave a Comment

this might interest you as well

Lessons from Sun Tzu’s “The Art of War” in Cybersecurity: Timeless Wisdom or Outdated Tactics?

Introduction Sun Tzu’s "The Art of War" is a legendary strategic treatise written more than 2,500 years ago. Its enduring principles of warfare strategy have transcended military boundaries, influencing disciplines from business management to competitive sports. In today’s digital age, its relevance is increasingly apparent in the cybersecurity landscape, particularly for CISOs of medium-sized enterprises,

Read More

Ransomware Resilience Starts in the Mind: Overcoming Cognitive Biases and Decision-Making Errors in Cybersecurity

Why We Keep Losing Despite Stronger Security Controls Over the past three years, businesses have almost doubled their confidence in cybersecurity—rising from 32% in 2021 to 54% in 2024 (The Global Cost of Ransomware Study, 2025). Despite this, ransomware’s impact has only grown: 40% of affected companies suffered significant revenue losses, 58% experienced operational downtime,

Read More

AI Cyber Security 2025: Key Threats and Essential Strategies for Your Business

Artificial Intelligence is transforming businesses and industries worldwide, but with this transformation comes unprecedented challenges. The recent launch of Cisco AI Defense, a specialized AI security solution, highlights the urgency of securing AI applications. According to Cisco, only 29% of enterprises feel fully prepared to detect and prevent unauthorized manipulations of AI systems. This low

Read More