Chapter 3 Flashcards
Audit
Independent review and examination of records and activities to assess the adequacy of system controls, ensuring compliance with established policies and operational procedures
Crime Prevention Through Environmental Design (CPTED)
An architectural approach to the design of buildings and spaces that emphasizes passive features (sight lines, lighting, natural access control, territorial boundaries) to reduce the likelihood of criminal activity.
Defense in Depth
An information security strategy that integrates people, technology and operations capabilities to establish variable barriers across multiple layers and missions of the organization, so that the failure of any single control does not expose the asset.
Discretionary Access Control (DAC)
Access control that is left to the discretion of the object's owner, or of anyone else who is authorized to control access to the object. The owner determines who should have access rights and what those rights are (for example, the mode bits and ACLs on a file).
Layered Defense
The use of multiple controls arranged in series, so that an attacker must defeat several consecutive controls before reaching the protected asset.
Linux
An open source operating system; its source code is legally available to end users, who may inspect, modify and redistribute it.
Log Anomaly
A system irregularity identified when logs are studied; it may represent an event of interest that warrants further investigation or surveillance.
Logging
Collecting and storing records of user and system activity in a log, which is a chronological record of the events occurring within an organization's systems and networks.
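To make the Log Anomaly and Logging cards concrete, here is an added example (not part of the flashcard set) that parses constructed sshd-style authentication log lines and flags two irregularities a reviewer would look at further: a burst of failed logins from one source, and a successful login from a source that had just been failing repeatedly. The hostnames, IP addresses, usernames and thresholds are all hypothetical.

```python
"""Added example (not from the flashcard set): scanning constructed sshd-style
log lines for anomalies worth further investigation. All hosts, IPs, users and
thresholds below are hypothetical sample data."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not captured from a real system).
LOG_LINES = """\
Mar 10 02:14:01 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 5100 ssh2
Mar 10 02:14:03 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 5102 ssh2
Mar 10 02:14:05 host1 sshd[811]: Failed password for root from 203.0.113.9 port 5104 ssh2
Mar 10 02:14:07 host1 sshd[811]: Failed password for root from 203.0.113.9 port 5106 ssh2
Mar 10 02:14:09 host1 sshd[811]: Failed password for root from 203.0.113.9 port 5108 ssh2
Mar 10 02:14:12 host1 sshd[812]: Accepted password for root from 203.0.113.9 port 5110 ssh2
Mar 10 09:00:15 host1 sshd[900]: Accepted publickey for alice from 198.51.100.4 port 44100 ssh2
Mar 10 09:31:40 host1 sshd[903]: Failed password for alice from 198.51.100.4 port 44120 ssh2
Mar 10 09:31:48 host1 sshd[903]: Accepted password for alice from 198.51.100.4 port 44121 ssh2
""".splitlines()

# Matches the syslog timestamp, the outcome, the method, the user and the source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(lines, year=2024):
    """Turn raw log lines into event dicts; syslog lines carry no year, so one is assumed."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count unparsed lines too; they can hide problems
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def find_anomalies(events, fail_threshold=4, window_seconds=60):
    """Flag (1) a source reaching fail_threshold failures inside window_seconds and
    (2) a successful login from a source that has at least fail_threshold recent failures."""
    anomalies = []
    recent_fail = defaultdict(list)  # src -> timestamps of failures inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts = ev["src"], ev["ts"]
        # Expire failures that fall outside the sliding window.
        recent_fail[src] = [t for t in recent_fail[src] if (ts - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            recent_fail[src].append(ts)
            if len(recent_fail[src]) == fail_threshold:  # fire once per burst
                anomalies.append({"kind": "burst_failures", "src": src, "ts": ts, "user": ev["user"]})
        elif len(recent_fail[src]) >= fail_threshold:
            anomalies.append({"kind": "success_after_failures", "src": src, "ts": ts, "user": ev["user"]})
    return anomalies


if __name__ == "__main__":
    for a in find_anomalies(parse(LOG_LINES)):
        print(f"{a['ts']} {a['kind']:24} src={a['src']} user={a['user']}")
```

Run against the constructed lines, the scan reports the burst from 203.0.113.9 and the root login that followed it, while alice's single mistyped password at 09:31 stays below the threshold and is not reported. The point of the example is that an anomaly is defined relative to a baseline (here, the threshold and window), and that the same source-keyed state that detects a brute-force burst also catches the more serious case where the burst ends in a success.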
Logical Access Control Systems
An automated system that controls an individual's ability to access one or more computer system resources, such as a workstation, network, application or database.
Mandatory Access Control
Access control in which the system itself enforces access in accordance with the organization's security policies, rather than leaving it to the object's owner.
A central authority determines access to resources based on predefined security labels (classifications) on objects and clearance levels on users; the owner of an object cannot loosen these rules.
Physical Access Controls
Controls implemented through a tangible mechanism; examples: walls, fences, guards, locks, badge readers.
Mantrap
An entrance to a building or area that requires people to pass through two doors with only one door open at a time, so that a person can be held and verified between them and tailgating is prevented.
Object
A passive information-system-related entity (for example a file, record, table or device) that contains or receives information.
Principle of Least Privilege
Users and programs should have only the minimum privileges necessary to complete their tasks, and should hold them only for as long as the task requires.
Privileged Account
An information system account with the approved authorizations of a privileged user (for example an administrator or root account).
Ransomware
Malicious software that locks the computer screen or encrypts files, preventing or limiting a user's access to their system and data until a ransom is paid.
Role based access control (RBAC)
An access control system that attaches permissions to roles (job functions) and assigns users to roles, rather than granting permissions to individual users directly.
Rule
An instruction developed to allow or deny access to a system by comparing the validated identity of the subject against an access control list; rules are evaluated in order, and anything not explicitly allowed is denied by default.
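The DAC, MAC, RBAC and Rule cards above describe four ways of deciding the same question: may this subject perform this operation on this object? The following added example (not part of the flashcard set) implements all four decisions over the same constructed subjects and objects, so the differences are visible in code: under DAC the owner hands out rights, under MAC a label comparison overrides the owner, under RBAC permissions hang off roles, and a rule list is matched in order with an implicit deny. The users, file, roles, labels and rules are hypothetical; the MAC check follows the Bell-LaPadula "no read up, no write down" properties.

```python
"""Added example (not from the flashcard set): DAC, MAC, RBAC and rule-based
access decisions side by side on constructed data. All names, labels, roles
and rules are hypothetical."""
from dataclasses import dataclass, field

# Ordered clearance/classification levels used by the MAC check (constructed).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str                            # MAC: label granted by the central authority
    roles: set = field(default_factory=set)   # RBAC: job functions the user holds


@dataclass
class Obj:
    name: str
    owner: str                                # DAC: the owner controls the ACL
    classification: str                       # MAC: label set by the system, not the owner
    acl: dict = field(default_factory=dict)   # DAC: subject name -> set of rights


def dac_allowed(subject, obj, right):
    """DAC: the owner always has full control; everyone else needs an ACL entry."""
    if subject.name == obj.owner:
        return True
    return right in obj.acl.get(subject.name, set())


def dac_grant(granter, obj, grantee, right):
    """DAC: only the owner, or a subject holding the 'control' right, may edit the ACL."""
    if granter.name != obj.owner and "control" not in obj.acl.get(granter.name, set()):
        raise PermissionError(f"{granter.name} may not change the ACL of {obj.name}")
    obj.acl.setdefault(grantee, set()).add(right)


def mac_allowed(subject, obj, right):
    """MAC (Bell-LaPadula): read only at or below clearance (no read up),
    write only at or above clearance (no write down). Owner cannot override."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.classification]
    if right == "read":
        return s >= o
    if right == "write":
        return s <= o
    return False


# RBAC: permissions attach to roles; users attach to roles.
ROLE_PERMS = {
    "payroll_clerk": {"payroll.read", "payroll.submit"},
    "payroll_manager": {"payroll.read", "payroll.approve"},
    "auditor": {"payroll.read", "audit.read"},
}


def rbac_allowed(subject, permission):
    return any(permission in ROLE_PERMS.get(r, set()) for r in subject.roles)


def rule_allowed(subject_name, rules, right):
    """Rule-based: ordered (identity, right, action) rules; first match wins,
    '*' is a wildcard, and no match means deny."""
    for ident, r, action in rules:
        if ident in (subject_name, "*") and r in (right, "*"):
            return action == "allow"
    return False


def demo():
    """Exercise every model on the same constructed subjects and object."""
    alice = Subject("alice", "secret", {"payroll_clerk"})
    bob = Subject("bob", "confidential", {"payroll_manager"})
    carol = Subject("carol", "top_secret", {"auditor"})
    report = Obj("q3_report.xlsx", owner="alice", classification="secret")

    dac_grant(alice, report, "bob", "read")                   # the owner decides
    results = {
        "dac_bob_read": dac_allowed(bob, report, "read"),     # granted by owner
        "dac_bob_write": dac_allowed(bob, report, "write"),   # never granted
        "mac_bob_read": mac_allowed(bob, report, "read"),     # confidential < secret: denied
        "mac_carol_read": mac_allowed(carol, report, "read"), # top_secret >= secret
        "mac_carol_write": mac_allowed(carol, report, "write"),  # no write down
        "rbac_alice_approve": rbac_allowed(alice, "payroll.approve"),
        "rbac_bob_approve": rbac_allowed(bob, "payroll.approve"),
    }
    # On a system enforcing both, the DAC grant to bob is moot: MAC still denies him.
    results["effective_bob_read"] = results["dac_bob_read"] and results["mac_bob_read"]
    rules = [("bob", "admin", "deny"), ("*", "read", "allow")]
    results["rule_bob_admin"] = rule_allowed("bob", rules, "admin")    # explicit deny
    results["rule_dave_read"] = rule_allowed("dave", rules, "read")    # wildcard allow
    results["rule_dave_write"] = rule_allowed("dave", rules, "write")  # implicit deny
    try:
        dac_grant(bob, report, "carol", "read")   # bob is not the owner
        results["dac_bob_can_grant"] = True
    except PermissionError:
        results["dac_bob_can_grant"] = False
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22} {v}")
```

The instructive line is `effective_bob_read`: alice, as owner, can give bob read access under DAC, but on a system that also enforces MAC the label comparison wins and bob still cannot read a secret file. That is exactly the distinction the two cards draw, and it is why MAC is the model chosen where owners must not be able to leak data downward.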
Segregation of Duties
(also known as Separation of Duties)
Ensuring that a critical organizational process cannot be completed by one person alone (for example, the person who submits a payment cannot also approve it), reducing the risk of insider fraud and error.
Subject
An individual, process or device that causes information to flow among objects or changes the system state; the active party in an access request.
Technical controls
The security controls for an information system that are primarily implemented and executed by the information system itself, through mechanisms contained in its hardware, software or firmware components (for example, access control lists, encryption, logging).
Unix
A multi-user operating system family widely used in software development and on servers; many later systems, including Linux, follow its design.
User Provisioning
The process of creating, maintaining and deactivating user identities, and the access rights attached to them, on a system; timely deactivation is what keeps departed users' accounts from becoming an avenue for attack.