Identify & Access Management . Flashcards
What are the core activities of identity and access management?
- Identification
- Authentication
- Authorization
In an access control system, we seek to limit the access that _____ have to _____.
- Subjects
- Objects
Access Controls work in three different fashions, what are they?
- Technical (or logical) Controls
- Physical Controls
- Administrative Controls
This type of access control…
Uses hardware and software mechanisms, such as firewalls and intrusion prevention systems, to limit access.
Technical (logical) Controls
This type of access control…
Such as locks and keys, limit physical access to controlled spaces.
Physical Controls
This type of access control…
Such as account reviews, provide management of personnel and business practices.
Administrative Controls
Multifactor authentication systems combine authentication technologies from two or more of the following categories: Something you know, Something you have, Something you are (T/F)?
True!
What type of factor is…
- Something you know?
- Something you have?
- Something you are?
- Something you know (Type 1 factors)
- Something you have (Type 2 factors)
- Something you are (Type 3 factors)
This type of authentication system…
Relies upon secret information, such as a password.
Something you know
This type of authentication system…
Relies upon physical possession of an object, such as a smartphone.
Something you have
This type of authentication system…
Relies on biometric characteristics of a person, such as a face scan or fingerprint.
Something you are
Authentication technologies may experience two types of errors, what are they?
- False Positive
- False Negative
How does a False Positive error occur?
Errors occur when a system accepts an invalid user as correct.
How does a False Negative error occur?
Errors occur when a system rejects a valid user, measured using the false rejection rate (FRR).
The effectiveness of an authentication technology uses what?
Crossover Error Rate (CER)
- This is where False Acceptance Rate (FAR) and False Rejection Rate (FRR) equal each other.