Chapter 3

Question 1

What is a subject

Answer 1

Generally an individual, process, or device causing information to flow among objects or change to the system state.

Question 2

What is are characteristics of a subject

Answer 2

It is active, it initiates a request for access to resources or services.

Requests a service from an object

Should have a level of permissions that relates to its ability to access services or resources.

Question 3

Define an object

Answer 3

Anything that a subject attempts to access is a referred to as an object

Question 4

What are some characteristics of objects

Answer 4

Passive - a device, process, person, user, program, server, client or other entity that responds to a request for service.

By definition, objects do not contain their own access control logic

May have a classification.

Question 5

What is an access rule

Answer 5

An instruction developed to allow or deny access to an object by comparing the validated identity of the subject, to an ACL

Question 6

What are some characteristics of rules

Answer 6

Compare mulitple attributes to determine appropriate access
allow or deny access to an object
Define how much access is allowed
Apply time-based access

Question 7

What do controls do

Answer 7

Limit risk to a tolerable level.

Logical and physical controls when combined, limit risk

Question 8

define CPTED

Answer 8

Crime Prevention through environmental design

approaches the challenge of creating safer workspaces through passive design elements