Domain 5: Identity and Access Management Flashcards
Preventive Control
A preventive access control attempts to thwart or stop unwanted or unauthorized activity from occurring.
Examples: fences, locks, biometrics, mantraps, lighting, alarm systems, separation-of-duties policies, job rotation policies, data classification, penetration testing, access control methods, encryption, auditing, the presence of security cameras or closed-circuit television (CCTV), smartcards, callback procedures, security policies, security awareness training, antivirus software, firewalls, and intrusion prevention systems.
Detective Control
A detective control attempts to discover or detect unwanted or unauthorized activity. Detective controls operate after the fact and can discover the activity only after it has occurred.
Corrective Control
A corrective control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred.
Deterrent Control
A deterrent access control attempts to discourage security policy violations. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action. In contrast, a preventive control blocks the action.
Recovery Access Control
A recovery access control attempts to repair or restore resources, functions, and capabilities after a security policy violation. Recovery controls are an extension of corrective controls but have more advanced or complex abilities.
Directive Control
A directive access control attempts to direct, confine, or control the actions of subjects to force or encourage compliance with security policies.
Examples of directive access controls include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.
Compensating Control
A compensating access control provides an alternative when it isn't possible to use a primary control, or when necessary to increase the effectiveness of a primary control.
Administrative Control
Administrative access controls are the policies and procedures defined by an organization's security policy and other regulations or requirements.
Logical/Technical Controls
Logical access controls (also known as technical access controls) are the hardware or software mechanisms used to manage access and to provide protection for resources and systems. As the name implies, they use technology.
Physical Control
Physical access controls are items you can physically touch. They include physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility.
Synchronous Dynamic Password Tokens
Hardware tokens that create synchronous dynamic passwords are time-based and synchronized with an authentication server.
Asynchronous Dynamic Password Tokens
An asynchronous dynamic password does not use a clock. Instead, the hardware token generates passwords based on an algorithm and an incrementing counter.
HOTP
HMAC-based One-Time Password. Produces an OTP of 6 to 8 digits. Similar to an asynchronous dynamic password token.
TOTP
Time-based One-Time Password. Similar to a synchronous dynamic password token.
SSO
Single Sign-On. Part of federated identity management. A subject is authenticated once on a system and can then access multiple resources without authenticating again.