Chapter 14: Controlling and Monitoring Access Flashcards
- What are Permissions?
Permissions refer to the access granted for an object and determine what you can do with it.
- What are Rights?
Rights refer to the ability to take an action on an object.
- What are Privileges?
Privileges are the combination of rights and permissions.
- What is implicit deny?
The implicit deny principle ensures that access to an object is denied unless access has been explicitly granted to the subject.
- What is an Access Control Matrix?
An access control matrix is a table that includes subjects, objects, and assigned privileges.
- What are capability tables?
Capability tables are subject-focused and identify the objects that subjects can access.
- What is a constrained interface?
Constrained interfaces are used by applications to restrict what users can do or see based on their privileges.
- What are Content-Dependent Controls?
Content-Dependent access controls restrict access to data based on the content within an object.
- What are Context-Dependent Controls?
Context-dependent access controls require a specific activity before granting access.
- What is need to know?
The need-to-know principle ensures that subjects are granted access only to what they need to know for their work tasks and job functions.
- What is the difference between least privilege and need to know?
Least privilege will also include the right to take action on a system.
- What is separation of duties?
The separation of duties and responsibilities principle ensures that sensitive functions are split into tasks performed by two or more employees.
- What is a security policy?
A security policy is a document that defines the security requirements of an organisation. It identifies the assets that need protection and the extent to which security solutions should go to protect them. It provides an overview of the company’s security needs.
- What is Discretionary Access Control?
Discretionary Access Control (DAC) means that every object has an owner, and the owner can grant or deny access to any other subjects, e.g. New Technology File System (NTFS). A DAC model is implemented using access control lists (ACLs) on objects.
- What is Role Based Access Control?
Role Based Access Control (RBAC) means that user accounts are placed in roles and administrators assign privileges to the roles.
- What is the key characteristic of Rule Based Access Control?
The Rule Based Access Control model applies global rules that apply to all subjects.
- What are rules in Rule based access control?
Restrictions or filters.
- What is Attribute Based Access Control?
The Attribute Based Access Control (ABAC) model uses rules that can include multiple attributes.
- What is Mandatory Access Control?
The Mandatory Access Control (MAC) model applies labels to both subjects and objects. The MAC model is prohibitive rather than permissive, and it uses an implicit deny philosophy. The MAC model is more secure than the DAC model, but it isn’t as flexible or scalable.
- What are non-discretionary access controls?
Non-discretionary access controls are centrally administered by administrators.
- What is Attribute Based Access Control?
Attribute Based Access Control (ABAC) is an advanced implementation of rule based access control. ABAC models use policies that include multiple attributes for rules, e.g. attributes may include group membership, department, and devices.