Describe four common access control policies.

Discretionary Access Control (DAC): This is the most common type of access control policy. In DAC, the owner of the information or any protected system determines who can access it. The owner sets the policies defining who can or cannot have access to a specific resource. This is a flexible system, but it can also lead to lower security if the owner does not manage permissions carefully.

Mandatory Access Control (MAC): In MAC, access to system resources is controlled by the operating system based on a set of system-wide policies. These policies are typically set by an administrator and cannot be changed by users. MAC is often used in systems that require a high level of security, such as military or government systems.

Role-Based Access Control (RBAC): In RBAC, access permissions are based on the roles of individual users within an organization. Each role has certain access rights, and users are assigned roles based on their responsibilities and qualifications. This makes it easier to manage and control access to resources, especially in large organizations.

Attribute-Based Access Control (ABAC): ABAC is a more flexible and complex system than the others. In ABAC, access is granted not just based on the role of the user, but also on a set of other attributes, such as the time of day, location of access, type of access required, etc. This allows for a high level of customization and can provide a high level of security, but it can also be more difficult to manage due to its complexity.