The Dynamism Of Access Control Essay


Heterogeneous and dynamic environments create a need for a viable access control system that solidly ensures the security of data and information. Organizations have various types of resources that need access regulation, the purpose of which is to make sure that only the intended users can access the resources while unauthorized persons are kept out. Even then, the hierarchy, type and degree of the task delegated to a user determine the level of access that he or she is granted. For example, a user with the role “accountant” normally has different access rights than a user with the role “supervisor”. The sensitivity of a resource is directly proportional to the security level applied to it, and likewise the degree of access.
Many challenges arise when implementing an access control mechanism in information security, and they cannot all be dealt with equally. This development introduces threats to information security, which in turn calls for appropriate countermeasures to mitigate the risk of losing sensitive and important data to unauthorized users. In this paper, the role that access control models play in deciding whether specific access requests are granted or denied is investigated in a dynamic information security environment.
Current research studies many methodologies and approaches for the evaluation and implementation of protection and controls for information privacy [4]. However, since the application of access control is a major factor in information system security, there is a need to build a dynamic access control policy. These policies form the certificatory, regulatory and legislative requirements to control the usage of access, rather than anchoring the security of resources on the access control devices alone. This is the motivation of this paper.
Trust is an important issue in access control, considering that the access control mechanism is handled by personnel who could change their minds and act contrary to the legitimate role and function they are supposed to perform. However, few papers discuss this issue of trust, even though the first step in securing a system or any other resource is to regulate and monitor access to it: to know who logged in, when the login was made, and what was accessed. Micheal [3] discussed four effects of the human factor in security: hiring talent with the right attitude, employee and executive accountability for security practices, data governance by executive and senior management, and cyber insurance and the need to minimize liability.

The first contribution of this paper is to provide a detailed account of the role played by the three primary models of access control: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). This information will allow us to see the technicality behind...

