35 Cards in this Set

  • Front
  • Back
subject
entities that can perform actions in the system
object
resources with controlled access
access permissions
allows/prohibits read, write, delete
access control list (ACL)
list of permissions attached to an object
preventative controls
attempts to avoid the occurrence of unwanted events
detective controls
attempts to identify unwanted events after they have occurred
deterrent controls
attempts to discourage unwanted events before they have occurred
corrective control
attempts to correct unwanted events after they have occurred
compensatory controls
designed to reduce the probability of threats
administrative controls
guidance, policies, procedures
logical/technical controls
system access restrictions using IT (encryption, smart cards, ACLs)
physical controls
controlling physical access to resources (guards, locks, cameras)
principle of least privilege
minimum access required to perform tasks
principle of separation of duties and responsibilities
minimize fraud damage and risk through separation of tasks
need to know
access to systems or data based on job roles
mandatory access control (MAC)
based on a subject's clearance and an object's classification label
discretionary access control (DAC)
data owners dictate what subjects have access to owned objects
non-discretionary access control (NDAC)
role-based access control (RBAC)
lattice-based access control (LBAC)
mathematical range of acceptable security levels and access attempts
centralized access control systems
one entity is responsible for overseeing access (system controlled)
decentralized access control systems
multiple entities are responsible for overseeing access (user controlled)
something you know
authentication by knowledge (PIN, password)
something you have
authentication by ownership (access card, badge, key card)
something you are
authentication by characteristic (voice, fingerprint)
brute force attack
to cycle through every possible combination to break encryption
dictionary attack
list of words to guess/crack passwords
spoofing
imitating a legitimate source to gain access
denial of service (DoS)
make computer resources unavailable to users
sniffer
a tool that monitors traffic as it traverses a network
penetration test
authorized test to discover/exploit security vulnerabilities
host-based IDSs
software to detect malicious activity on the host
network-based IDSs
software to detect malicious activity on the network
intrusion prevention systems (IPS)
software to prevent malicious activity
signature-based IDS
detects malicious activity by searching for known signatures
anomaly-based IDS
detects malicious activity by searching for abnormal behavior