29 Cards in this Set

A "Subject" can be?
A user, program, process, file, computer, database and so on.
An "Object" can be?
A file, database, computer, program, process, printer, storage media and so on.
The "Subject" is always the?
The entity that receives information or data from the object,

or alters information about, or data stored within, the object.
The "Object" is?
The object is always the entity that provides or hosts information or data.
Access controls are necessary for?
Protecting the CIA (Confidentiality, Integrity and Availability) of objects.
CIA Triad is?
Confidentiality, Integrity and Availability
Confidentiality addresses?
Access control in the sense that it ensures that only authorized subjects can access objects.
Integrity Addresses?
The preservation of information in that unauthorized or unwanted changes to objects are denied.
Availability addresses?
The ability to obtain access within a reasonable amount of time upon request.
Preventive or Preventative Access control is?
Deployed to stop unwanted or unauthorized (UA) activity from occurring, e.g. fences, locks, biometrics, mantraps, lighting, alarm systems, separation of duties, job rotation, etc.
Deterrent access controls are?
Deployed to discourage violation of security policies. Examples include locks, fences, security badges, security guards, mantraps, security cameras, trespass/intrusion alarms.
Detective Access control:
Deployed to discover unwanted or UA activity, e.g. security guards, guard dogs, motion detectors, recording and reviewing events on security cameras and CCTV.
Corrective Access control:
Deployed to restore systems to normal after an unwanted or UA activity has occurred, e.g. IDS, AV, alarms, mantraps, business continuity plans, security policies.
Recovery Access control:
Deployed to repair/restore resources, functions and capabilities after a violation of security policies; both repairs and prevents, e.g. backups, fault-tolerant drive systems, server clustering, AVS, VM.
Compensation access control:
Deployed to provide various options to other existing controls to aid in the enforcement/support of security, e.g. security policy requirements, personnel supervision, monitoring and work task procedures.
Directive access control
Deployed to direct, confine or control the actions of subjects to force or encourage compliance with security policies, e.g. escape route exit signs, posted notifications, guard dogs, security guards.
Administrative access controls
Are policies and procedures defined by an organization's security policy to implement and enforce overall access control, e.g. policies, procedures, hiring practices, background checks, data classification, security training.
Logical/Technical Access Controls
Are hardware/software mechanisms used to manage access, e.g. encryption, smart cards, passwords, biometrics, constrained interfaces, ACLs, protocols, firewalls, routers, IDS.
Physical Access controls
Barriers that prevent direct contact with systems within a facility, e.g. guards, fences, motion detectors, locked doors, sealed windows.
Layered Security (Defense in Depth)
Assets are surrounded by a layer of protection provided by administrative controls, which in turn is surrounded by logical/technical controls, which in turn is surrounded by physical controls.
Last line of defense
People, or personnel, are the other type of administrative control; proper training educates personnel in implementing, complying with and supporting the security elements defined in the security policy.
Identification
The process by which a subject is identified and accountability is initiated, e.g. a user provides a username (UN), logon ID, PIN or smart card.
Authentication
The process of verifying or testing that a claimed identity is valid. Most common form: password.
Type 1: Something you Know
Something you know: password, PIN, lock combination, passphrase, etc.
Type 2: Something you Have
Something you have: smart card, token device, memory card, USB drive.
Type 3: Something you Are
Something you are: fingerprints, voice prints, retina patterns, iris patterns, face shapes, palm topology, hand geometry.
Something you do
Writing a signature or typing a passphrase; often included under something you are.
Somewhere you are
Such as the PC from which you log in (identified by your IP address) or the phone number you call from. Often associated with Type 2, something you have.
Two factor authentication
Occurs when two different factors are required to provide authentication, e.g. something you have (a smart card) and something you know (a PIN).