What is the primary function of access control in information security?

Access control is a fundamental aspect of information security that primarily focuses on determining who is allowed to access specific resources within a system or network. This involves establishing policies and mechanisms that enforce restrictions on access based on various criteria, such as user identity, roles, and permissions.

By implementing access control, organizations can effectively protect sensitive information, ensuring that only authorized personnel can view or interact with certain data or systems. This helps to mitigate the risk of unauthorized access, data breaches, and potential malicious activities, while also maintaining compliance with regulatory requirements and industry standards.

The other options serve different purposes within the realm of information security. Encrypting data stored on a hard disk is aimed at protecting data confidentiality and integrity but does not directly regulate access. Monitoring network traffic for anomalies focuses on detecting suspicious activities and potential threats, while installing security patches helps to fix vulnerabilities within software but again does not pertain to access regulation. Thus, determining who can access specific resources is the core functionality that underpins effective access control.