Access Control: Objects are data, applications, systems, networks, and physical space., Subjects are users, applications, or processes that need access to objects., The access control system includes policies, procedures, and technologies that are implemented to control subjects' access to objects., Administrative controls are policies that describe accepted practices. Examples include directive policies and employee awareness training., Technical controls are computer mechanisms that restrict access. Examples include encryption, one-time passwords, access control lists, and firewall rules., Physical controls restrict physical access. Examples include perimeter security, site location, networking cables, and employee segregation., Authentication, Authorization & Accounting: Identification specifies the name used to identify the subject. Examples include a user name or a user ID number., is the process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid., is granting or denying an authenticated subject's access to an object based on the subject's level of permissions or the actions allowed with the object., also referred to as accounting, is maintaining a record of a subject's activity within the information system., A user account is created for each subject., Access Control Policies: Preventive access controls deter intrusion or attacks. These include separation of duties and dual-custody processes., Detective access controls search for details about the attack or the attacker. These include intrusion detection systems., Corrective access controls implement short-term repairs to restore basic functionality following an attack., Deterrent access controls discourage attack escalation., Recovery access controls restore the system to normal operations after the attack and the short-term stabilization period., Compensative access controls are alternatives to primary access controls., Access Control Model: restricts access by assigning attributes to resources., allows access based on a role in an organization; it is not user specific., uses rules applied to characteristics of objects or subjects to restrict access., uses labels for both subjects (users who need access) and objects (resources with controlled access, such as data, applications, systems, networks, and physical space). Every operation performed is tested against a set of authorization policies to determine if the operation is allowed., assigns access directly to subjects based on the owner's discretion., encouraging users to be productive wherever they are.,
0%
Access Control Facts 6.1.3 & 6.1.6 Vocab
שתף
על ידי
Mrspendrak
Vocational / Technical
Computing
עריכת תוכן
הטבעה
עוד
לוח תוצאות מובילות
הצג עוד
הצג פחות
לוח התוצאות הזה הוא כרגע פרטי. לחץ
שתף
כדי להפוך אותו לציבורי.
לוח תוצאות זה הפך ללא זמין על-ידי בעל המשאב.
לוח תוצאות זה אינו זמין מכיוון שהאפשרויות שלך שונות מאשר של בעל המשאב.
אפשרויות חזרה
מיון קבוצה
היא תבנית פתוחה. זה לא יוצר ציונים עבור לוח התוצאות.
נדרשת כניסה
סגנון חזותי
גופנים
נדרש מנוי
אפשרויות
החלף תבנית
הצג הכל
תבניות נוספות יופיעו במהלך המשחק.
תוצאות פתוחות
העתק קישור
קוד QR
מחיקה
האם לשחזר את הנתונים שנשמרו באופן אוטומטי:
?