Your definition of access controls in the AAA model is excellent. I appreciate how you put together authentication, authorization, and accounting as the blocks on which a firm’s access control model is based. Your elucidation of role-based access control (RBAC) and segregation of duties was the gem as key factors that thwart abuses and reduce the possibility of errors or frauds. The inclusion of data classification and continuous monitoring enables a security strategy that is holistic in the sense that policy, technology, and monitoring work together. I also liked that you highlighted physical controls, which always seem to fall outside of cybersecurity discussions. Overall, your post provides a good summary of how multi-layered access control policy can protect sensitive data and operational integrity.