Access Control Flashcards
Methods used to secure data and information by verifying a user has
permissions to read, write, delete, or otherwise modify it
Access Control
The access control policy is determined by the owner
Discretionary Access Control (DAC)
An access control policy where the computer system determines
the access control for an object
Mandatory Access Control (MAC)
Label-based access control that defines whether access should be
granted or denied to objects by comparing the object label and
the subject label
Rule Based Access Control
Utilizes complex mathematics to create sets of objects and
subjects to define how they interact
Lattice Based Access Control
An access model that is controlled by the system (like MAC) but
utilizes a set of permissions instead of a single data label to define
the permission level
Role Based Access Control
The access control policy is determined by the owner
Best Practices
All access to a resource should be denied by default and only be allowed
when explicitly stated
Implicit Deny
Users are only given the lowest level of access needed to perform their
job functions
Least Privilege
Requires more than one person to conduct a sensitive task or operation
Separation of Duties
Occurs when users are cycled through various jobs to learn the overall
operations better, reduce their boredom, enhance their skill level, and
most importantly, increase our security
Job Rotation
Permissions assigned to a given user
User Rights
Collection of users based on common attributes (generally work roles)
Groups
Occurs when a user gets additional permission over time as they rotate
through different positions or roles
Privilege Creep
Process where each user’s rights and permissions are revalidated to
ensure they are correct
* Hired
* Fired
* Promoted
User Access Recertification