Chapter 3 mod 3

Question 1

What is the fundamental difference between physical access controls and logical access controls?

Answer 1

Physical access controls are tangible methods restricting access to areas or assets, while logical access controls are electronic methods limiting access to systems and, at times, tangible assets or areas.

Question 2

How do logical access controls operate, and what is their primary focus?

Answer 2

Logical access controls operate electronically, focusing on restricting access to systems. They ensure that only authorized individuals, even if physically present, can gain logical access to specific assets.

Question 3

Name three types of logical access controls and provide examples of their implementation.

Answer 3

Three types of logical access controls are:
Passwords
Biometrics (implemented on a system, e.g., on a smartphone or laptop)
Badge/token readers connected to a system

Question 4

In what scenarios are logical access controls particularly effective, and how do they complement physical access controls?

Answer 4

Logical access controls are particularly effective in scenarios where individuals may have physical access but need restrictions on system access. They complement physical access controls by adding an additional layer of security, ensuring authorized individuals have the right to access specific assets electronically.

Question 5

How does the use of passwords contribute to logical access controls, and what is their role in electronic security?

Answer 5

Passwords contribute to logical access controls by serving as electronic credentials. They play a vital role in electronic security by restricting access to systems, ensuring that only individuals with the correct password can gain authorized access.

Question 6

Explain the implementation of biometrics as a form of logical access control.

Answer 6

Biometrics, implemented on a system such as a smartphone or laptop, involves using unique physiological or behavioral characteristics to authenticate a user’s identity. This adds a layer of security by ensuring that only individuals with the correct biometric features can gain logical access.

Question 7

How are badge/token readers connected to a system utilized for logical access control?

Answer 7

Badge/token readers connected to a system are used for logical access control by requiring individuals to present a valid badge or token to gain access. This electronic verification ensures that only those with the proper credentials can access the system.

Question 8

Why is it essential to have both physical and logical access controls in place for comprehensive security?

Answer 8

Having both physical and logical access controls is essential for comprehensive security because physical controls restrict tangible access, while logical controls add an electronic layer of protection, ensuring that even those with physical access are authorized to use systems.

Question 9

What role do logical access controls play in limiting unauthorized access to assets and information?

Answer 9

Logical access controls play a crucial role in limiting unauthorized access to assets and information by electronically restricting access to systems. This ensures that only individuals with the correct credentials can gain logical access, adding an extra layer of security.

Question 10

How do logical access controls contribute to the overall security of an organization’s electronic assets?

Answer 10

Logical access controls contribute to the overall security of an organization’s electronic assets by preventing unauthorized access to systems. They ensure that only authorized individuals can use electronic resources, protecting sensitive information and maintaining the integrity of digital assets.

Question 11

What is Discretionary Access Control (DAC), and how does it differ from other access control policies?

Answer 11

Discretionary Access Control (DAC) is a specific type of access control policy enforced over all subjects and objects in an information system. In DAC, a subject with access can pass information to others, grant privileges, change security attributes, associate security attributes with new objects, and modify access control rules. This differs from other access control policies, such as mandatory access controls.

Question 12

What are the key actions that a subject with access in a DAC system can perform regarding information and privileges?

Answer 12

In a DAC system, a subject with access can:
Pass information to other subjects or objects
Grant its privileges to other subjects
Change security attributes on subjects, objects, information systems, or system components
Choose security attributes for newly created or revised objects
Change the rules governing access control (with restrictions in mandatory access controls)

Question 13

How does DAC grant users a high level of control over access to information in information systems?

Answer 13

DAC grants users a high level of control over access to information by allowing them to share or pass on files to others, essentially providing the user with a level of access similar to the original owner of the file. This flexibility is a characteristic of DAC systems.

Question 14

In what way does DAC typically function in information systems, and what actions can a user with access to a file perform?

Answer 14

DAC typically functions in information systems by allowing a user with access to a file to share or pass it to someone else. The user can perform actions such as sharing the file, granting privileges, and modifying security attributes, resembling the level of access of the original owner.

Question 15

What capabilities does a user have in a DAC system regarding the security attributes of newly created or revised objects?

Answer 15

In a DAC system, a user can choose the security attributes for newly created or revised objects. This means they have the authority to determine the security features associated with objects they create or modify.

Question 16

How does DAC relate to rule-based access control systems, and what is a common characteristic they share?

Answer 16

Rule-based access control systems are usually a form of DAC. DAC and rule-based systems share the characteristic of allowing users significant control over access permissions, enabling them to define and manage access rules based on their discretion.

Question 17

What distinguishes DAC from mandatory access controls, particularly in terms of changing access control rules?

Answer 17

While DAC allows users to change access control rules, mandatory access controls restrict this capability. This distinction highlights that users in a DAC system have the discretion to modify rules governing access, a freedom limited in mandatory access control systems.

Question 18

What is the prevalence of DAC systems in the world of information systems?

Answer 18

Most information systems in the world are DAC systems, indicating the widespread adoption of Discretionary Access Control policies. This prevalence emphasizes the significance of allowing users discretion in managing access to information.

Question 19

What is Mandatory Access Control (MAC), and how does it differ from other access control policies?

Answer 19

Mandatory Access Control (MAC) is a policy uniformly enforced across all subjects and objects in an information system. Unlike other access control policies, only designated security administrators can modify security rules for subjects and objects, restricting subjects from unauthorized actions.

Question 20

How is MAC enforced in terms of security rule modification, and who has the authority to modify these rules?

Answer 20

MAC is uniformly enforced, allowing only designated security administrators, recognized as trusted subjects, to modify security rules for subjects and objects within the system. This ensures a centralized and controlled approach to rule modification.

Question 21

What distinguishes MAC from DAC in terms of who can control access within the information system?

Answer 21

The primary difference between MAC and DAC lies in who can control access. In MAC, it is mandatory for security administrators to assign access rights or permissions, whereas in Discretionary Access Control (DAC), it is at the object owner’s discretion.

Question 22

What actions are subjects constrained from performing in a system governed by MAC?

Answer 22

In a MAC system, subjects are constrained from:
Passing information to unauthorized subjects or objects
Granting their privileges to other subjects
Changing security attributes on subjects, objects, the information system, or system components
Choosing security attributes for newly created or modified objects
Changing the rules governing access control

Question 23

Who has the authority to assign a subset of total privileges for a subset of objects in a MAC system?

Answer 23

In a MAC system, designated security administrators have the authority to assign a subset of total privileges for a subset of objects. This centralizes control and ensures a consistent and secure approach to access permissions.

Question 24

How does MAC differ from DAC regarding the assignment of access rights to subjects?

Answer 24

In MAC, designated security administrators assign access rights or permissions to subjects, making it mandatory and centrally controlled. In contrast, DAC allows the object owner’s discretion in assigning access rights.

Question 25

Explain the role of security administrators in a MAC system and their responsibility for access control.

Answer 25

Security administrators in a MAC system are responsible for uniformly enforcing access control policies. Their role involves assigning and managing access rights or permissions, ensuring a centralized and controlled approach to security rule modifications.

Question 26

What are the limitations imposed on subjects in a MAC system in terms of changing security attributes or modifying rules?

Answer 26

In a MAC system, subjects are limited in their ability to change security attributes on subjects, objects, the information system, or system components. Additionally, they are restricted from choosing security attributes for newly created or modified objects and changing the rules governing access control.

Question 27

ow does MAC contribute to a more centralized and controlled approach to access management in an information system?

Answer 27

MAC contributes to a more centralized and controlled approach to access management by restricting the assignment of access rights to designated security administrators. This ensures consistency and security in the enforcement of access control policies.

Question 28

Why is the distinction between MAC and DAC crucial in understanding the control dynamics within an information system?

Answer 28

The distinction between MAC and DAC is crucial as it defines who has the authority to control access within an information system. Understanding this difference is essential for comprehending the centralized, mandatory nature of access control in MAC compared to the discretionary approach in DAC.

Question 29

Explain the concept of Role-Based Access Control (RBAC) and its application in the workplace.

Answer 29

RBAC provides each worker with privileges based on their role in the organization. Access to specific resources is determined by the employee's role, ensuring a tailored and secure access structure within the workplace.

Question 30

Provide examples of how RBAC is implemented in an organization concerning different roles and their corresponding access privileges.

Answer 30

Examples of RBAC implementation include HR staff having access to personnel files, Finance having access to bank accounts, managers having access to their direct reports and department, and high-level administrators having comprehensive access. New employees typically start with minimal access required for their roles.

Question 31

Why is monitoring role-based permissions crucial in an organization, and what risks does inadequate monitoring pose?

Answer 31

Monitoring role-based permissions is vital to ensure that employees have the necessary access for their roles. Inadequate monitoring can lead to privilege creep, where individuals retain unnecessary permissions. Forgetting to adjust permissions can result in inappropriate access for new employees or those changing roles.

Question 32

Define privilege creep and explain how it can occur in an organization.

Answer 32

Privilege creep, or permissions creep, occurs when an individual's permissions are expanded for a specific reason, but those permissions are not revoked when they are no longer needed. This can lead to individuals inheriting unnecessary access, posing security risks.

Question 33

Discuss the challenges associated with managing multiple roles and their permissions, especially in a dynamic work environment.

Answer 33

Managing multiple roles and permissions, particularly in a dynamic work environment, can be challenging. Changes in job responsibilities and personnel turnover require close monitoring to ensure employees have the necessary access without granting more permissions than needed.

Question 34

What is the significance of establishing standard roles and permissions in RBAC, especially when hiring or assigning new roles?

Answer 34

Establishing standard roles and permissions is crucial in RBAC to ensure consistency and security. When hiring or changing roles, it is recommended to create new users based on these standards rather than copying user profiles. This practice ensures that new employees start with appropriate roles and permissions.

Question 35

Explain why copying user profiles is discouraged in RBAC and how creating new users based on standard roles enhances security.

Answer 35

Copying user profiles is discouraged in RBAC because it can lead to inheriting unnecessary permissions. Creating new users based on standard roles ensures that new employees start with predefined and appropriate roles and permissions, reducing the risk of privilege creep.

Question 36

How can RBAC be a challenge in a constantly evolving job landscape, and what practices can help address this challenge?

Answer 36

In a dynamic job landscape, RBAC can be challenging to manage. To address this, it is essential to establish standard roles and permissions. Regularly reviewing and updating roles, along with avoiding the copying of user profiles, ensures that access aligns with current job requirements.

Question 37

What role does RBAC play in enhancing cybersecurity within an organization, especially in controlling and limiting access to sensitive information?

Answer 37

RBAC plays a crucial role in enhancing cybersecurity by controlling and limiting access to sensitive information. It ensures that employees only have access to resources necessary for their roles, reducing the risk of unauthorized access and potential security breaches.

Question 38

How does RBAC contribute to a more efficient and secure access management system in organizations?

Answer 38

RBAC contributes to efficiency and security in access management by providing a structured approach based on employee roles. This ensures that individuals have the necessary access for their responsibilities, minimizes the risk of privilege creep, and supports a well-defined and controlled access system.