Which principle refers to the rejection of access unless it is explicitly granted?

The principle that refers to the rejection of access unless it is explicitly granted is known as implicit deny. This concept is a fundamental security principle, often applied in access control systems. It ensures that by default, access is not permitted to any resource unless there are clear permissions set to allow that access.

Implementing an implicit deny approach helps to minimize the risk of unauthorized access, as it acts as a safety net to protect sensitive data and resources. This principle ensures that any user or process that is not explicitly granted permission to access a system, file, or network is automatically denied access, which enhances the overall security posture of the environment.

In contrast, explicit allow refers to the notion of granting permissions to specific users or processes, and access control encompasses overall strategies for managing who can access what resources, which doesn't specifically define the rejection aspect. Authorization pertains to the process of verifying whether an individual has the right to access certain resources, focusing more on the validation after access attempts have been made than on the default denial of access.