Many of the current policy-based management systems implement policies that depend on dynamic operational environment contexts. The existing formal-based approaches for enforcing security policies are mainly expressed using first-order logic. A major drawback of using first-order logic in implementing dynamic policies is that new observations cannot override previously inferred consequences. In fact, a security system whose enterprise policies are implemented using first-order logic is required to have complete access to data in advance in order to be able to perform an informed reasoning and enforce restricting policies. As a major problem, the systems designed based on these first order logic-based approaches are often static, inflexible, and hard to manage and scale. This paper introduces an approach for expressing and enforcing adaptive access control policies dynamically. The paper presents a non-monotonic formal approach based on Answer Set Programming where default policies are explicitly separated from context-dependent and exception policies that often occur in dynamic systems and in particular when the required context data are unavailable ahead of time. The results of presented case study demonstrate the flexibility of the proposed approach compared to the first order logic-based context-sensitive approaches as implemented in Organizational-Based Access Control (ORBAC) model.