Chapter 8 Flashcards
Explain InfoSec framework, blueprint, and model:
A framework is the outline of a more thorough blueprint, used in the creation of the InfoSec environment.
A security model is a generic blueprint offered by a service organization.
What are access controls?
Access controls regulate user access into trusted areas of an organization by using policies, software, and technology.
The 4 processes of access control are:
(!!)
-Identification
-Authentication
-Authorization
-Accountability
What are the 3 key principles of access control?
-Least privilege: users can access the minimum amount of information necessary.
-Need to know: users can only access the specific information required for their task.
-Separation of duties: more than one individual is responsible for different parts of a task.
3 NIST Control Categories:
-Management
-Operational
-Technical
Name an example of operational control for each of the following: (!!)
1- Deterrent:
2- Preventative
3- Detective
4- Corrective
5- Recovery
6- Compensating
1- Warning signs
2- Gates, fences, and guards.
3- CCTV
4- Fire suppression systems
5- Disaster recovery procedures
6- Defense in depth
What is “Mandatory Access Controls (MACs)”?
It limits users’ and data owners’ control over information, to protect data.
What are the 3 levels of classified data in organizations?
1- Public
2- For official use only
3- Confidential
What is the “Security Clearance Structure”?
In this structure, each user, depending on their authorization level, has access to a certain level of information.
What are “Discretionary Access Controls (DACs)”?
The user controls the level of restriction for access to their information.
Used by most personal OSes.
What are Security Architecture Models?
They provide InfoSec implementations and help organizations make quick improvements.
What is the InfoSec Governance Framework?
A managerial model that provides guidance in the development of governance structures.