IAM Flashcards
ability to make use of any information system resources
access
entity responsible for monitoring and granting access privileges for other authorized entities
access authority
mediation of subject and object interactions
access control
object-based description of a single resource and the permission held on it by each subject (one column of an access control matrix)
access control list
object-based description of a system or multiple resources: rows are subjects, columns are objects, and each cell holds the subject's permitted access types on that object
access control matrix
type of access control specification in which a user, program, and data items are listed for each allowed operation
access control triple
hierarchical portion of the security level used to identify data sensitivity and user clearance or authorization. Note: The access level and the non-hierarchical categories form the sensitivity label of an object.
access level
segment of time, generally expressed on a daily or weekly basis, during which access rights prevail
access period
risk-reducing principle that attempts to avoid prolonging access time to specific data or to the system beyond what is needed to carry out requisite functionality
access time minimization
nature of an access right to a particular device, program, or file (read, write, execute, append, modify, delete, or create)
access type
ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system
accessibility
responsibility of a user for the actions taken by their account; requires unique identification so that each action can be attributed to exactly one user
accountability
process of requesting, establishing, issuing, and closing user accounts
account management
control type that is communication based, typically written or oral (policies, standards, procedures). Paperwork alone cannot stop an adversary; it must be backed by technical or physical controls.
Administrative - control type
access policy expressed as a function of attributes of the subject, the object, the requested action, and the environment of the request (not just the subject's characteristics)
Attribute -based Access Control (ABAC)
verification of a claimed identity; results in a binary decision by a system of permitting or denying access to the system as a whole
Authentication
granular decision by a system of permitting or denying access to a particular resource on the system
Authorization
evaluation of a system without prior knowledge by the tester
Blind testing
subject-based description of a system or a collection of resources: for each subject, the list of objects it may access and how (one row of an access control matrix)
Capability Tables
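The relationship between access control triples, the access control matrix, ACLs and capability tables, as an added example that is not part of the original flashcards. The subjects, objects and rights below are constructed sample data; the function names are mine. The same matrix is read by column to produce an object's ACL and by row to produce a subject's capability table, and the last function shows why revoking one subject is cheap in a capability system but touches every object in an ACL system.

```python
# Added example (not part of the original flashcards): one access control matrix,
# viewed as object-based ACLs and as subject-based capability tables.
# Subjects, objects and rights below are constructed sample data.
from collections import defaultdict

# Access control triples: (subject, object, access type)
TRIPLES = [
    ("alice", "payroll.db", "read"),
    ("alice", "payroll.db", "write"),
    ("bob", "payroll.db", "read"),
    ("bob", "report.pdf", "read"),
    ("backup_svc", "payroll.db", "read"),
    ("backup_svc", "report.pdf", "read"),
]


def build_matrix(triples):
    """Access control matrix: rows are subjects, columns are objects,
    cells are the set of access types the subject holds on the object."""
    matrix = defaultdict(lambda: defaultdict(set))
    for subject, obj, right in triples:
        matrix[subject][obj].add(right)
    return matrix


def acl(matrix, obj):
    """Object-based view: one column of the matrix is the ACL of a single resource."""
    return {s: sorted(rights[obj]) for s, rights in matrix.items() if rights.get(obj)}


def capability_table(matrix, subject):
    """Subject-based view: one row of the matrix is the subject's capability list."""
    return {o: sorted(r) for o, r in matrix.get(subject, {}).items() if r}


def check(matrix, subject, obj, right):
    """Reference-monitor style mediation: deny unless the exact
    (subject, object, access type) triple is present. Unknown subjects are denied."""
    return right in matrix.get(subject, {}).get(obj, set())


def revoke_subject(matrix, subject):
    """Remove every right a subject holds. In a matrix or capability system this is
    one row deletion; in a pure ACL system every object's list must be visited.
    Returns the objects whose ACLs would have needed updating."""
    touched = sorted(matrix.get(subject, {}))
    matrix.pop(subject, None)
    return touched


if __name__ == "__main__":
    m = build_matrix(TRIPLES)
    print("ACL payroll.db:", acl(m, "payroll.db"))
    print("Capabilities of bob:", capability_table(m, "bob"))
    print("alice write payroll.db:", check(m, "alice", "payroll.db", "write"))
    print("revoke backup_svc touches:", revoke_subject(m, "backup_svc"))
```

Every decision goes through `check`, which denies by default: a subject or object missing from the matrix yields no rights rather than an error, which is the behaviour a reference monitor should have.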
to segregate for the purposes of labeling
Compartmentalize
alternative or additional control applied to a single asset when the primary control cannot be implemented or is insufficient, so the asset is covered by more than one control
Compensating - control category
system mediation of access based on the content of the object being requested (e.g., field values within a record); contrast with context-dependent access control, which focuses on the circumstances of the request such as time or location
Content Dependent Access Control
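The ABAC and content-dependent cards above describe the same mechanism from two angles: a decision computed from attributes of the subject, the object, the action and the environment. The following is an added example, not part of the original flashcards; the attribute names, rules and sample records are constructed. One rule inspects the object's own content (department and classification fields), one inspects the request context (the access period), and `filter_rows` applies the policy per record so a query returns only permitted rows instead of an all-or-nothing answer on the table.

```python
# Added example (not part of the original flashcards): a small ABAC policy
# decision function over subject, object, action and environment attributes.
# Attribute names, rules and sample records are constructed for illustration.
from datetime import time

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def clearance_dominates(subject, obj, action, env):
    # Subject attribute vs object attribute: clearance must dominate classification.
    return LEVELS[subject["clearance"]] >= LEVELS[obj["classification"]]


def same_department(subject, obj, action, env):
    # Content-dependent: the decision reads a field of the object itself.
    return obj["department"] == subject["department"]


def in_access_period(subject, obj, action, env):
    # Context-dependent: the decision reads the environment of the request,
    # here a daily access period of 08:00 to 18:00.
    return time(8, 0) <= env["now"] <= time(18, 0)


def writes_need_editor_role(subject, obj, action, env):
    # Action attribute combined with a subject attribute.
    return action != "write" or "editor" in subject["roles"]


RULES = [clearance_dominates, same_department, in_access_period, writes_need_editor_role]


def decide(subject, obj, action, env, rules=RULES):
    """Conjunctive policy: every rule must hold. Returns (decision, failed_rules)
    so a denial is auditable instead of a bare False."""
    failed = [r.__name__ for r in rules if not r(subject, obj, action, env)]
    return ("permit" if not failed else "deny", failed)


def filter_rows(subject, rows, action, env):
    """Content-dependent access at row granularity: return only the records the
    subject is permitted to see rather than permitting or denying the whole table."""
    return [r for r in rows if decide(subject, r, action, env)[0] == "permit"]


# Constructed sample subject, records and request environments.
ALICE = {"id": "alice", "clearance": "confidential", "department": "finance", "roles": ["analyst"]}
ROWS = [
    {"id": 1, "department": "finance", "classification": "internal", "salary": 90000},
    {"id": 2, "department": "finance", "classification": "secret", "salary": 250000},
    {"id": 3, "department": "hr", "classification": "internal", "salary": 70000},
]
BUSINESS_HOURS = {"now": time(10, 30)}
AFTER_HOURS = {"now": time(23, 0)}


if __name__ == "__main__":
    for row in ROWS:
        print(row["id"], decide(ALICE, row, "read", BUSINESS_HOURS))
    print("after hours:", decide(ALICE, ROWS[0], "read", AFTER_HOURS))
    print("visible rows:", [r["id"] for r in filter_rows(ALICE, ROWS, "read", BUSINESS_HOURS)])
```

Returning the names of the failed rules alongside the decision is what makes the control auditable and supports accountability: the log entry records which attribute comparison denied the request, not merely that it was denied.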
tool which mediates access
Control
most granular organization of controls
Control category
less granular organization of controls
Control type
to restore to a previous state by removing the adversary and or the results of their actions
Corrective - control category
consume resources to a point of exhaustion, loss of availability
Denial of Service
to identify and record an adversary's actions, during or after the fact, so that they can be responded to
Detective - control category