CF Domain 5 Flash Cards
Access Control System
Means to ensure that access to assets is authorized and restricted based on business and security requirements related to logical
Access control tokens
The system decides whether access is granted or denied based on the validity of the token at the point where it is read, using time, date, day, holiday, or other conditions to control validation.
Accountability
ensures that account management has assurance that only authorized users are accessing the system and using it properly
Attribute-based access control (ABAC)
An access control paradigm whereby access rights are granted to users through policies that combine attributes (of the subject, object, action, and environment)
Authorization
The process of defining the specific resources a user needs and determining the type of access to those resources the user may have.
Active Directory Federation Services (ADFS)
An identity and access solution that provides client computers (internal or external to your network) with seamless SSO access to protected Internet-facing applications or services, even when the user accounts and applications are located in completely different networks or organizations
Crossover Error Rate (CER)
The point at which the false acceptance (Type II) error rate equals the false rejection (Type I) error rate for a given sensor, in a given system and context; it is the optimal point of operation if the potential impacts of both types of errors are equivalent
Capability tables
list privileges assigned to subjects and identify the objects that subjects can access
Central Authentication Service (CAS)
an SSO implementation
Content-dependent control
Content-dependent access control adds criteria beyond identification and authentication: the actual content the subject is attempting to access. For example, all employees of an organization may have access to the HR database to view their own accrued sick time and vacation time, but if an employee attempts to access the content of the CIO's HR record, access is denied
Context-dependent access control
applies additional context before granting access, with time as a commonly used context
Cross-Site Request Forgery (CSRF)
(AKA XSRF) an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated
Discretionary access control (DAC)
The system owner decides who gets access
False Acceptance Rate (Type II, FAR)
the percentage of identification instances in which unauthorized persons are incorrectly accepted.
False Rejection Rate (Type I, FRR)
the percentage of identification instances in which authorized persons are incorrectly rejected
Ethical Wall
The use of administrative, physical, and logical controls to establish and enforce separation of information, assets, or job functions, either to maintain need-to-know boundaries or to prevent conflict-of-interest situations; AKA compartmentalization
Granularity of controls
The level of abstraction or detail at which a security function can be configured or tuned for performance and sensitivity
Identity as a Service (IDaaS)
Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud.
Identity proofing
The process of collecting and verifying information about a person in order to prove that the person who has requested an account, a credential, or another special privilege is who they claim to be.
Logical access control system
Non-physical system that allows access based upon pre-determined policies.
Mandatory Access Control (MAC)
Access control that requires the system itself to manage access controls in accordance with the organization’s security policies.
Multi-factor authentication (MFA)
Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.
Open Authorization (OAuth)
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Physical access control system
An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules