Identity and Access Management (IAM) Flashcards
access
ability to make use of any information system resources
access authority
entity responsible for monitoring and granting access privileges for other authorized entities
access control
mediation of subject and object interactions
access control list
object-based description of a single resource: for that one object, the list of subjects and the access types each of them holds on it
access control matrix
table of every subject against every object in a system (or a set of resources); each cell holds the access types that subject has to that object. One column of the matrix is an object's access control list; one row is a subject's capability list.
access control triple
type of access control specification in which a user, program, and data items are listed for each allowed operation
access level
hierarchical portion of the security level used to identify data sensitivity and user clearance or authorization. Note: The access level and the non-hierarchical categories form the sensitivity label of an object.
access period
segment of time, generally expressed on a daily or weekly basis, during which access rights prevail
access time minimization
risk-reducing principle that attempts to avoid prolonging access time to specific data or to the system beyond what is needed to carry out requisite functionality
access type
nature of an access right to a particular device, program, or file (read, write, execute, append, modify, delete, or create)
accessibility
ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system
accountability
responsibility of a user for the actions taken by their account; requires unique identification (no shared accounts) so that every action can be traced to one person
account management
process of requesting, establishing, issuing, and closing user accounts
Administrative
control type that is communication based, typically written or oral (policies, procedures, training). Paperwork on its own cannot hurt an adversary; it has to be backed by technical or physical controls to have effect.
Attribute-based Access Control (ABAC)
access policy expressed as a function of attributes: characteristics of the subject, and normally also of the object, the requested action, and the environment of the request (for example time of day or network location)
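Added example, not part of the flashcard set: an ABAC policy written as a list of predicate rules over subject, object, action and environment attributes, combined permit-overrides with deny as the default. The environment attributes also carry an access period (weekday, 08:00 to 18:00), which is how a time window from the "access period" card can be enforced in an attribute policy. All attribute names, rules, subjects and objects below are hypothetical sample data constructed for this example.

```python
# Added example, not from the flashcard set: an ABAC policy as a set of
# predicate rules over subject, object, action and environment attributes,
# combined permit-overrides with deny as the default. The attribute names,
# rules and sample entities are hypothetical, constructed for illustration.
from datetime import time
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
Rule = Callable[[Attrs, Attrs, str, Attrs], bool]


def same_department_read(sub: Attrs, obj: Attrs, action: str, env: Attrs) -> bool:
    """Read within your own department, unless the object is classified secret."""
    return (action == "read"
            and sub.get("department") == obj.get("owner_department")
            and obj.get("classification") != "secret")


def editor_write_in_access_period(sub: Attrs, obj: Attrs, action: str, env: Attrs) -> bool:
    """Editors may write non-secret objects, but only inside the access period
    (weekday, 08:00-18:00) supplied as environment attributes; a missing
    attribute falls outside the period and therefore denies."""
    return (action == "write"
            and sub.get("role") == "editor"
            and obj.get("classification") != "secret"
            and env.get("weekday", 7) < 5
            and time(8, 0) <= env.get("time", time(0, 0)) <= time(18, 0))


def cleared_read_secret(sub: Attrs, obj: Attrs, action: str, env: Attrs) -> bool:
    """Secret objects are readable only by subjects holding secret clearance."""
    return (action == "read"
            and obj.get("classification") == "secret"
            and sub.get("clearance") == "secret")


POLICY: List[Rule] = [same_department_read, editor_write_in_access_period, cleared_read_secret]


def decide(sub: Attrs, obj: Attrs, action: str, env: Attrs, policy: List[Rule] = POLICY) -> bool:
    """Permit if any rule permits; otherwise deny (default deny)."""
    return any(rule(sub, obj, action, env) for rule in policy)


# Constructed sample subjects, objects and environments (hypothetical)
ALICE: Attrs = {"department": "finance", "role": "editor", "clearance": "none"}
CAROL: Attrs = {"department": "finance", "role": "auditor", "clearance": "secret"}
REPORT: Attrs = {"owner_department": "finance", "classification": "internal"}
SECRET_REPORT: Attrs = {"owner_department": "finance", "classification": "secret"}
ENV_WORKDAY: Attrs = {"weekday": 1, "time": time(10, 0)}   # Tuesday 10:00
ENV_NIGHT: Attrs = {"weekday": 1, "time": time(23, 0)}     # Tuesday 23:00

if __name__ == "__main__":
    print("alice write report in hours:", decide(ALICE, REPORT, "write", ENV_WORKDAY))
    print("alice write report at night:", decide(ALICE, REPORT, "write", ENV_NIGHT))
    print("alice read secret report:", decide(ALICE, SECRET_REPORT, "read", ENV_WORKDAY))
```

Each rule only ever returns a permit; anything no rule permits is denied, so adding a new rule can only widen access and an attribute that is absent from a request (no "time" in the environment) falls to the deny side. A policy that also needs explicit deny rules would have to define how deny and permit combine, which is where real ABAC engines differ.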
Authentication
verification of a claimed identity; the outcome is binary (the claimant is accepted as who they say they are, or is not) and it gates access to the system as a whole, before any per-resource decision is made
Authorization
granular decision by a system of permitting or denying access to a particular resource on the system
Blind testing
evaluation of a system without prior knowledge by the tester
Capability Tables
subject-based description of a system or a collection of resources: for each subject, the list of objects it may access and the access types it holds on each
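Added example, not part of the flashcard set, tying together the access control list, access control matrix and capability table cards: one matrix stored as subject to object to access types, with the ACL (one column) and capability list (one row) derived from it, a default-deny check, and a revocation that shows why the two views have different costs. The subjects, objects and rights are constructed sample data.

```python
# Added example, not from the flashcard set: one access control matrix with
# the ACL (per-object) and capability-list (per-subject) views derived from
# it, plus a default-deny check. Subjects, objects and rights below are
# constructed sample data.
from typing import Dict, Set

Matrix = Dict[str, Dict[str, Set[str]]]   # subject -> object -> access types

MATRIX: Matrix = {
    "alice": {"payroll.db": {"read", "write"}, "backup.sh": {"read", "execute"}},
    "bob":   {"payroll.db": {"read"}, "audit.log": {"read", "append"}},
    "svc":   {"audit.log": {"append"}},
}


def acl(obj: str, matrix: Matrix = MATRIX) -> Dict[str, Set[str]]:
    """Object-based view (one column of the matrix): each subject's rights on obj."""
    return {s: set(rights[obj]) for s, rights in matrix.items() if obj in rights}


def capabilities(subject: str, matrix: Matrix = MATRIX) -> Dict[str, Set[str]]:
    """Subject-based view (one row of the matrix): what subject may do to each object."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items()}


def is_permitted(subject: str, obj: str, access_type: str, matrix: Matrix = MATRIX) -> bool:
    """Reference-monitor style check: an unknown subject, object or right means deny."""
    return access_type in matrix.get(subject, {}).get(obj, set())


def revoke_subject(subject: str, matrix: Matrix = MATRIX) -> int:
    """Remove every right a subject holds (delete its row); returns how many
    objects were affected. With the matrix stored only as per-object ACLs this
    would instead mean scanning every object's list for the subject."""
    return len(matrix.pop(subject, {}))


if __name__ == "__main__":
    print("ACL of payroll.db:", acl("payroll.db"))
    print("capabilities of bob:", capabilities("bob"))
    print("bob write payroll.db:", is_permitted("bob", "payroll.db", "write"))
```

The matrix itself is the authoritative description; an ACL is what you get by fixing the object and an capability list by fixing the subject. Which one a system stores decides which questions are cheap: "who can reach this file" is one lookup with ACLs, "what can this user reach" is one lookup with capabilities, and revoking a departed user is cheap only in the capability layout shown here.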
Compartmentalize
to segregate for the purposes of labeling
Compensating
control category - an alternative control that provides equivalent protection where the primary control cannot be implemented or has failed; in practice it means more than one control guarding a single asset
Content Dependent Access Control
system mediation of access based on the content of the data being accessed (for example a database view that shows a user only the rows they own), as opposed to context-dependent access control, which decides on the circumstances of the request such as time or location
Control
tool which mediates access
Control category
most granular organization of controls, by what the control does (on these cards: detective, corrective, compensating)
Control type
less granular organization of controls, by how the control is implemented (on these cards: administrative, alongside technical and physical)
Corrective
control category - to restore to a previous state by removing the adversary and/or the results of their actions
Denial of Service
consume resources to a point of exhaustion, loss of availability
Detective
control category- to record an adversary’s actions