CISSP · Question #583
Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?
The correct answer is C. Role mining to define common access patterns is performed.. In RBAC implementation, the planning phase is most critical because role mining-the process of analyzing existing access patterns to define roles-forms the entire structural foundation of the RBAC model.
Question
Options
- AThe criteria for measuring risk is defined.
- BUser populations to be assigned to each role is determined.
- CRole mining to define common access patterns is performed.
- DThe foundational criteria are defined.
How the community answered
(22 responses)- B5% (1)
- C91% (20)
- D5% (1)
Why each option
In RBAC implementation, the planning phase is most critical because role mining-the process of analyzing existing access patterns to define roles-forms the entire structural foundation of the RBAC model.
Defining risk measurement criteria is a risk management activity, not a core component of RBAC planning, which focuses on defining roles and access assignments rather than risk metrics.
Assigning user populations to roles is an implementation/execution activity that occurs after roles have already been defined through role mining in the planning phase.
Role mining is the analytical process performed during planning where existing user access patterns, entitlements, and job functions are examined to identify and define meaningful roles. Without properly mined roles that reflect real access needs, the entire RBAC structure will be flawed, leading to either over-provisioning or under-provisioning of access. This makes planning the most critical phase because errors here propagate through every subsequent phase of implementation.
While foundational criteria are indeed defined during planning, this answer is too vague and does not identify the specific, technically critical activity (role mining) that makes planning the most important phase of RBAC implementation.
Concept tested: RBAC implementation planning and role mining process
Source: https://csrc.nist.gov/projects/role-based-access-control
Topics
Community Discussion
No community discussion yet for this question.