Final answer:
Access control is the concept that determines what resources users can access after they log on. It involves authorization after authentication, and it is distinct from other security processes such as auditing and defense in depth.
Step-by-step explanation:
The concept that determines what resources users can access after they log on is c) access control. Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data.
Access control systems perform authorization, which is the process of giving someone permission to do or have something. After a user has been authenticated (usually through entering a username and password), the system uses access control policies to determine whether the user is allowed to access certain resources or perform certain actions. Different levels of access can be granted to different users or groups in an organization.
Auditing is related but distinct, as it deals with tracking the use of resources, not granting access. Authentication is the process of verifying identity, which occurs before access control. Finally, defense in depth is a comprehensive approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information if one mechanism fails.