Access control - is the ability to permit or deny access to resources on a network or computer., Access control policy - defines the steps and measures that are taken to control access to objects., Access control system - includes policies, procedures, and technologies that are implemented to control access to objects., Authentication - is the process of validating identity. It includes the identification process, a user providing input to prove identity, and the system accepting that input as valid., Authorization - is granting or denying access to an object based on the level of permissions or the actions allowed with the object., Auditing - also referred to as accounting, is maintaining a record of the activity within the information system., Objects - are data, applications, systems, networks, and physical space., Subjects - are users, applications, or processes that need access to objects., Principle of least privilege - states that users or groups are given only the access they need to do their jobs and nothing more., Need to know - describes the restriction of data that is highly sensitive and is usually referenced in government and military context., Separation of duties - is the concept of having more than one person required to complete a task. This is a preventive principle primarily designed to reduce conflicts of interest. It also prevents insider attacks because no one person has end-to-end control and no one person is irreplaceable., Job rotation - is a technique where users are cross-trained in multiple job positions. Responsibilities are regularly rotated between personnel., Defense-in-depth - is an access control principle which implements multiple access control methods instead of relying on a single method. Multiple defenses make it harder to bypass security measures., Identification - is the act of claiming an identity, such as telling someone your name., Multi-Factor Authentication - is the process of using more than one way to verify identity. In the computer world, it is achieved by requiring two or more methods that only the user can provide., Mutual authentication - is when two communicating entities authenticate each other before exchanging data. It requires not only the server to authenticate the user, but the user to authenticate the server., Account creation - apply the appropriate access rights based on the job role as implemented in the access control system. Use the principle of least privilege and grant only the minimum privileges required to perform the duties of the position., Active accounts - apply the appropriate access rights based on the job role as implemented in the access control system. Use the principle of least privilege and grant only the minimum privileges required to perform the duties of the position., Creeping privileges - occur when a user's job position changes and the user is granted a new set of access privileges, but the user's current access privileges are not removed or modified, resulting in privilege escalation. As a result, the user accumulates privileges that are not necessary for the current work tasks., End-of-life procedures - should include not only deactivating or deleting unused accounts, but also destroying data that might remain on storage media. This will prevent sensitive data from being accessible to unauthorized users.,

Access Control Models 6.1 Vocab

嵌入

排行榜

视觉风格

选项

切换模板

恢复自动保存: