According to the following scenario, what would be the most appropriate Access Control model to deploy?
Scenario:
A medical records database application is used by a health-care worker to access blood test records. If a
record contains information about an HIV test, the health-care worker may be denied access to the existence
of the HIV test and the results of the HIV test. Only specific hospital staff would have the necessary access
control rights to view blood test records that contain any information about HIV tests.
A. Discretionary Access Control
B. Context-Based Access Control
C. Content-Dependent Access Control
D. Role Based Access Control
