29 Cards in this Set
- Front
- Back
A "Subject" can be?
|
A user, program, process, file, computer, database and so on.
|
|
An "Object" can be?
|
A file, database, computer, program, process, printer, storage media and so on.
|
|
The "Subject" is always the?
|
The "entity" that receives information or data from the object, or alters information about or data stored within the object.
|
|
The "Object" is?
|
The object is always the entity that provides or hosts information or data.
|
|
Access controls are necessary for?
|
To protect the CIA ("Confidentiality, Integrity and Availability") of objects.
|
|
CIA Triad is?
|
Confidentiality, Integrity and Availability
|
|
Confidentiality addresses?
|
Access control in the sense that it ensures that only authorized subjects can access objects.
|
|
Integrity Addresses?
|
The preservation of information in that unauthorized or unwanted changes to objects are denied.
|
|
Availability addresses?
|
The ability to obtain access within a reasonable amount of time upon request.
|
|
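The subject/object and CIA cards above describe the same mechanism from three angles. The following is an added example, not part of the flashcard set: a minimal deny-by-default access control list in which a read check enforces confidentiality, a write check enforces integrity, and every decision is logged so that denials can be reviewed. The subjects "alice", "bob", "mallory", the process "backup-process" and the object "payroll.db" are constructed for this example.

```python
from dataclasses import dataclass, field

# Added example, not part of the flashcard set: a minimal access-control list
# that makes the subject/object relationship and the CIA mapping concrete.
# Subjects are active (users, processes); objects are passive (files, databases,
# or a process being acted upon). All names below are constructed.


@dataclass
class AccessControlList:
    # object -> subject -> set of permissions; anything not listed is denied
    entries: dict = field(default_factory=dict)
    # every decision is recorded, which is the detective side of the control
    audit_log: list = field(default_factory=list)

    def grant(self, subject, obj, *perms):
        self.entries.setdefault(obj, {}).setdefault(subject, set()).update(perms)

    def _check(self, subject, obj, perm):
        allowed = perm in self.entries.get(obj, {}).get(subject, set())
        self.audit_log.append((subject, obj, perm, "ALLOW" if allowed else "DENY"))
        return allowed

    def read(self, subject, obj):
        # Confidentiality: only an authorized subject may receive data from the object
        return self._check(subject, obj, "read")

    def write(self, subject, obj):
        # Integrity: unauthorized or unwanted changes to the object are denied
        return self._check(subject, obj, "write")


def build_example_acl():
    acl = AccessControlList()
    acl.grant("alice", "payroll.db", "read", "write")   # alice may alter the object
    acl.grant("bob", "payroll.db", "read")              # bob may only receive data
    acl.grant("backup-process", "payroll.db", "read")   # a process acting as subject
    acl.grant("alice", "backup-process", "write")       # the same process as an object
    return acl


def denied_attempts(acl):
    """Return the audit entries a detective control would flag for review."""
    return [entry for entry in acl.audit_log if entry[3] == "DENY"]


def demo():
    """Run a few decisions and report them together with the number of denials."""
    acl = build_example_acl()
    decisions = {
        "bob reads": acl.read("bob", "payroll.db"),                      # authorized read
        "bob writes": acl.write("bob", "payroll.db"),                    # integrity denies it
        "mallory reads": acl.read("mallory", "payroll.db"),              # default deny
        "process reads": acl.read("backup-process", "payroll.db"),      # process as subject
        "alice controls process": acl.write("alice", "backup-process"),  # process as object
    }
    decisions["denied"] = len(denied_attempts(acl))
    return decisions


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that the same entity ("backup-process") is a subject in one check and an object in the next; which role it plays depends on the access being evaluated, not on the kind of entity it is.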
Preventive or Preventative Access control is?
|
Deployed to stop unwanted or unauthorized (UA) activity from occurring, e.g. fences, locks, biometrics, mantraps, lighting, alarm systems, separation of duties, job rotation, etc.
|
|
Deterrent access controls are?
|
Deployed to discourage violation of security policies. Examples include locks, fences, security badges, security guards, mantraps, security cameras, trespass/intrusion alarms.
|
|
Detective Access control:
|
Deployed to discover unwanted or unauthorized activity, e.g. security guards, guard dogs, motion detectors, recording and reviewing events on security cameras and CCTV.
|
|
Corrective Access control:
|
Deployed to restore systems to normal after an unwanted or unauthorized activity has occurred, e.g. IDS, antivirus, alarms, mantraps, business continuity plans, security policies.
|
|
Recovery Access control:
|
Deployed to repair or restore resources, functions and capabilities after a violation of security policies; an extension of corrective controls that both repairs and prevents recurrence, e.g. backups, fault-tolerant drive systems, server clustering, antivirus software, VM shadowing.
|
|
Compensating access control:
|
Deployed to provide various options to other existing controls to aid in the enforcement and support of security policies, e.g. security policy requirements, personnel supervision, monitoring and work task procedures.
|
|
Directive access control
|
Deployed to direct, confine or control the actions of subjects to force or encourage compliance with security policies, e.g. escape route exit signs, posted notifications, guard dogs, security guards.
|
|
Administrative access controls
|
Policies and procedures defined by an organization's security policy to implement and enforce overall access control, e.g. policies, procedures, hiring practices, background checks, data classification, security training.
|
|
Logical/Technical Access Controls
|
Hardware or software mechanisms used to manage access, e.g. encryption, smart cards, passwords, biometrics, constrained interfaces, ACLs, protocols, firewalls, routers, IDS.
|
|
Physical Access controls
|
Physical barriers that prevent direct contact with systems or areas within a facility, e.g. guards, fences, motion detectors, locked doors, sealed windows.
|
|
Layered Security (Defense in Depth)
|
Assets are surrounded by a layer of protection provided by administrative controls, which in turn is surrounded by a layer of logical/technical controls, which is surrounded by a layer of physical controls.
|
|
Last line of defense
|
People or personnel are another type of administrative control; proper training educates personnel in implementing, complying with and supporting the security elements defined in the security policy.
|
|
Identification
|
The process by which a subject claims an identity and accountability is initiated, e.g. a user provides a username, logon ID, PIN or smart card.
|
|
Authentication
|
The process of verifying or testing that a claimed identity is valid. Most common form: password.
|
|
Type 1: Something you Know
|
Something you know: password, PIN, lock combination, passphrase, etc.
|
|
Type 2: Something you Have
|
Something you have: smart card, token device, memory card, USB drive.
|
|
Type 3: Something you are
|
Something you are: fingerprints, voice prints, retina patterns, iris patterns, face shapes, palm topology, hand geometry.
|
|
Something you do
|
Writing a signature or typing a passphrase (typing rhythm); often included under something you are.
|
|
Somewhere you are
|
Such as the computer from which you log in, identified by its IP address, or the phone number you call from; often associated with Type 2, something you have.
|
|
Two factor authentication
|
Occurs when two different factors are required to provide authentication, e.g. something you have (smart card) and something you know (PIN). Two mechanisms of the same type (a password and a PIN) are still only one factor.
|
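As an added example that is not part of the flashcard set, the following Python combines Type 1 (a password, something you know) with Type 2 (a TOTP code from a device holding a shared secret, something you have, computed as in RFC 6238), and rejects combinations that draw on only one type. The user record, the factor table and the function names are assumptions made for this example; the TOTP secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the flashcard set. All names and the sample user
# are constructed for illustration.

# Which authentication type each method belongs to. Two methods from the same
# type are NOT two factors: password + PIN is still only "something you know".
FACTOR_TYPE = {
    "password": "know", "pin": "know",
    "totp": "have", "smart_card": "have",
    "fingerprint": "are", "iris": "are",
}


def is_multifactor(methods):
    """True only if the methods span at least two different factor types."""
    return len({FACTOR_TYPE[m] for m in methods}) >= 2


def hash_password(password, salt=None):
    """Something you know is stored salted and stretched, never in the clear."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_password(password, salt, digest):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1, dynamic truncation)."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def verify_totp(secret, code, timestamp, window=1):
    """Accept the neighbouring time steps as well to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, timestamp + d * 30), code)
               for d in range(-window, window + 1))


# Constructed enrolment record (fixed salt so the example is reproducible).
SALT, PW_HASH = hash_password("correct horse battery staple", salt=b"\x00" * 16)
USER = {"name": "alice", "salt": SALT, "pw_hash": PW_HASH,
        "totp_secret": b"12345678901234567890"}  # RFC 6238 test key


def authenticate(user, password, code, timestamp):
    """Both factors must pass; failing either yields the same generic denial."""
    know_ok = verify_password(password, user["salt"], user["pw_hash"])
    have_ok = verify_totp(user["totp_secret"], code, timestamp)
    return know_ok and have_ok


if __name__ == "__main__":
    t = 59  # RFC 6238 test time; the 6-digit code for this step is 287082
    print(authenticate(USER, "correct horse battery staple", totp(USER["totp_secret"], t), t))
    print(is_multifactor(["password", "totp"]), is_multifactor(["password", "pin"]))
```

The password and the TOTP check are evaluated independently and only the combined result is returned, so a wrong password and a wrong code look identical to the caller; a login that reported which factor failed would let an attacker confirm one factor at a time.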