Page 158 - CISSO_Prep_ Guide
Assurance
Assurance is the measure of trust or confidence in the effectiveness of the security controls. In the context of information classification, assurance would be proof that the classification and handling procedures are being followed and are actually protecting the information. Common assurance mechanisms include checking the labeling and handling of the data.
Access Control Theorems
There are two primary theorems used concerning access control systems: Discretionary Access Control (DAC) and Mandatory Access Control (MAC). These refer to the principles of policy, procedures, and system and data protection, and the terms have been used since the 1970s to describe information access control theories.
DAC
Most of the access control systems in the world are DAC. DAC systems are used for physical access, network access, and system and application access as a straightforward method of enforcing the access control rules determined by the asset owner. Whether or not access is granted is at the discretion of the owner: the owner decides who should or should not have access and what level of access they should be granted, and is responsible for ensuring that the rules are set out so that access permissions are managed correctly.
In a DAC system, the rules are set by the owner and enforced by the access control system itself.
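As an added illustration (not from the guide), the following Python model separates the two DAC roles described above: the owner sets the access control list, and a distinct enforcement check applies it. The resource, user names and rights are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed example of discretionary access control (DAC).
# The owner decides who gets which rights (the discretionary part);
# check_access() is the system's enforcement of what the owner decided.


@dataclass
class Resource:
    name: str
    owner: str
    # ACL: subject -> set of rights, e.g. {"read", "write"}
    acl: dict = field(default_factory=dict)


class PermissionDenied(Exception):
    pass


def grant(resource: Resource, actor: str, subject: str, rights: set) -> None:
    """Only the owner may add rights to the ACL."""
    if actor != resource.owner:
        raise PermissionDenied(f"{actor} is not the owner of {resource.name}")
    resource.acl.setdefault(subject, set()).update(rights)


def revoke(resource: Resource, actor: str, subject: str, rights: set) -> None:
    """Only the owner may remove rights from the ACL."""
    if actor != resource.owner:
        raise PermissionDenied(f"{actor} is not the owner of {resource.name}")
    if subject in resource.acl:
        resource.acl[subject] -= set(rights)
        if not resource.acl[subject]:
            del resource.acl[subject]


def check_access(resource: Resource, subject: str, right: str) -> bool:
    """System-enforced check. Assumption for this example: the owner
    implicitly holds every right; everyone else needs an ACL entry."""
    if subject == resource.owner:
        return True
    return right in resource.acl.get(subject, set())


def demo() -> dict:
    """Walk through an owner granting, a non-owner being refused, and a revoke."""
    payroll = Resource("payroll.xlsx", owner="alice")
    grant(payroll, "alice", "bob", {"read"})
    try:
        grant(payroll, "bob", "carol", {"read"})  # bob is not the owner
        bob_could_grant = True
    except PermissionDenied:
        bob_could_grant = False
    bob_read_before = check_access(payroll, "bob", "read")
    revoke(payroll, "alice", "bob", {"read"})
    return {"bob_could_grant": bob_could_grant,
            "bob_read_before": bob_read_before,
            "bob_read_after": check_access(payroll, "bob", "read")}
```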