IS3230 CHAPTER 1 Flashcards
The ability of a subject and an object to interact is called ___.
ACCESS
The process or mechanism of granting or denying use of a resource: typically applied to users or generic network traffic is called ___.
ACCESS CONTROL
The process of confirming the identity of a user. Also, ensuring that a sender and recipient are who they say they are is called ___.
AUTHENTICATION
A way of confirming the identity of a subject. The three ___ are “something you know”; “something you have”; and “something you are”.
AUTHENTICATION FACTOR
The decision to allow or deny a subject access to an object. After a user has been authenticated, for example, authorization determines if the user has the rights to perform specific actions on the network or system. This is known as ___.
AUTHORIZATION
An authentication system based on physical characteristics or behavioral tendencies of an individual is called ___.
BIOMETRICS
The process by which a subject or object identifies itself to the access control system. In the case of users, ____ uniquely distinguishes an individual. In most cases it needs to be proved prior to authentication the user.
IDENTIFICATION
- Anything that is passively acted upon by a subject or
2. The resource to which a subject desires access. Common ___ are data, networks, and printers.
OBJECT
A phrase or sentence used in place of a password is a ___ and is often used as mnemonic devices to help remember complex passwords.
PASSPHRASE
A secret combination of characters known only to the subject is a ___.
PASSWORD
The process of ensuring that no one without the proper credentials can physically access resources is called ___.
PHYSICAL SECURITY
- A document that describes specific requirements or rules that must be met in a given area.
- A formal statement of management intent regarding the business practices of an organization. A ___ is binding upon all affected individuals.
POLICIES
A defined series of steps or actions for achieving an objective or result. Example, a defined workflow used to enforce policies is considered a ___ or a set of ___. This is often written to ensure that tasks are completed in the same way each time, preventing unexpected problems.
PROCEDURES
Something only the subject and the authentication system know. It can be a piece of data that is known only to the parties that communicating with one another. A ___ is used for encryption.
SHARED SECRET
The user, network, system, process or application requesting access to a resource is called ___.
SUBJECT
Something the subject has that no one else does. Smart cards and challenge-response devices are comely used ___.
TOKEN
A technical method or control used to complete a task or achieve a goal, such as enforcing policies is called ___.
TOOLS
- The three principal components of access control are ___, subjects, and objects.
Policies
- The subject is always a human user.
TRUE OR FALSE
FALSE
- Which of the following describes technical methods used to enforce policies?
- Access control
- Procedures
- Tools
- Physical security
- Authentication
Tools
- An organization typically uses procedures and tools together to enforce policies.
TRUE OR FALSE
TRUE
- The three states of a subject in an access control scenario are authorized, unauthorized, and ___.
Unknown
- Physical security is typically the responsibility of the IT department.
TRUE OR FALSE
FALSE
- What is the first step in the access control process?
- Logging in
- Authorization
- Authentication
- Identification
- Access
Identification
