Glad you find it helpful! All the best to your studies!

You’re welcome!

Yeah, I saw that. Only DAC is discretionary as far as I have seen in other sources. Everything else is non discretionary.

Finally, proof that this guy is human - I was starting to get an inferiority complex when comparing his quality of work. Loving the videos.

The destination CISSP book states you should stay away from non-discretionary, that is contradiction to the what I see out there. I see RBAC implemented more than anything.

Hi Alex, Thanks for pointing out something that has become very confusing in regards to the CISSP. It turns out that even the official guide is wrong and many of the other materials that have ‘copied’ the original ‘wrong’ description of ‘non-discretionary’ access control. Here’s the explanation. Discretionary access control is simply defined as ‘the owner decides who can access what they own of behalf of the organization.’ Any system that allows the owner to be accountable for deciding who can access their assets, is operating in discretionary mode. So, in role based access, even though we create ‘roles’ or ‘groups’ that a whole bunch of people may be part of, it is still up to the OWNER to decide what the role or group should have as far as permissions is concerned. That, by definition, is the definition of discretionary. And here is where the confusion usually appears. The owner may ‘delegate’ that RESPONSIBILITY to a system administrator to administer the role-based requirements, but the owner still remains ACCOUNTABLE. In Non-discretionary access control, an owner DOES NOT exists, and that why we leave it up to the next-best choice, the administrator. Non-discretionary should not exist, we don’t like it because there is no real ACCOUNTABILITY. There should always be an owner that is ACCOUNTABLE. In Role-based access control, there should always be an owner that is ACCOUNTABLE for who has access, and what permissions, the role or group has. Therefore, it is an example of discretionary. Hope that clears things up.

@@destcert Is there an article where I can find this clarification?

@@destcert I would really appreciate some source for those claims as this is the only place on the Internet I've found such classification. Thanks in advance!

@@destcert I think there is always an owner for the data. In Non-Discretionary there is a General somewhere that decides that this data should be Secret or Top Secret... :)

@@destcert I too am finding this EXTREMLY confusing considering both The Sybex Edition 8 Official Study Guide and the guys at IT Dojo questions of the day 5:50 (kzbin.info/www/bejne/jXu6p5aPq5Jghbs) contradicts this. The further detailed explanation you provided here makes it seem as if its possible to have both Role-Based and Rule-Based Access controls be Discretionary and Non-Discretionary. Even though 'THERE SHOULD' be an accountable owner, it sounds like its still possible to create roles with permissions that DON'T have an accountable owner. Its confusing because you mention that Accountability is a Service of AC but then mention an AC model that does not have Accountability and "should not exist". If its an access control model that doesn't meet the fundamental access control model requirements, wouldn't it just not be considered an access control?

Glad you like the videos! I’m working my way through the other domains. Domain 7 is up next.

@@destcert Awesome!, thanks you!

Thank you so much 😀

Ha! Love the Witcher reference. Thanks so much for the coffees. Greatly appreciated! All the best in your studies!

You're awesome, too! Thanks for watching! Explore more CISSP resources at destcert.com 🙌

he answered above

Thanks!

Writing domain 4 MindMaps now. Will record likely next week. Should be out before January.

@@destcert Thanks for the return and congratulations again for the materials provided with excellent quality.

Yup! I am working through the other domains. Domain 8 is up next, then 2, 3, and 4.

Many thanks and appreciated

You're welcome!

Not yet. Working on that!

I'm working on them now!

Just uploaded the first of 4 Domain 4 videos. The remainder will be up in the next 2-3 weeks. All the best in your studies!

@@destcert Thanks Rob. I had my exam on the 31st and passed at a 100 questions. Your videos were helpful for getting me back into the flow of studying all the concepts

Just uploaded the first of 4 Domain 4 videos. The remainder will be up in the next 2-3 weeks. All the best in your studies!

@@destcert Thank you!!! I love your videos!

I know, right??? 😜

@@destcert 2nd rule from isc2 code of ethics canon: act honestly,justly etc. Give him a like :) 😂😂

I am working on Domain 3 now, and domain 4 next.