Lecture 1 Flashcards
Accountability and Access Control
What is the CIA Triad?
Confidentiality, Integrity and Availability
The hardware, software, and policies/procedures used to grant or restrict access, monitor and record access, identify the users accessing, and determine authorization are called what?
Access Control
The transfer of information from an object to a subject is called what?
Access
There are two types of access, what are they?
Physical and logical
Access should always have an implicit what statement?
Implicit Deny
What is the term that ensures that only authorized subjects can access objects?
Confidentiality
What is the term that ensures that unauthorized or unwanted changes to objects are denied?
Integrity
What is the term that ensures that authorized requests for objects are granted as quickly as system and network parameters allow?
Availability
What are the seven categories of function or purpose of Access Controls?
Preventive (or preventative), Deterrent, Detective, Corrective, Recovery, Compensation, Directive
What are the 3 ways access controls can be implemented?
Physical
Technical/logical
Administrative
Why is accountability important?
It holds an entity responsible for their actions online/on the system
What steps are needed to hold someone accountable?
Identification, Authentication, Authorization, Auditing, Accountability
The process by which a subject professes an identity is called what?
Identification
Examples: userid, username
The process of verifying that a claimed identity is valid is called what?
Authentication
What are the 3 factors used for authentication?
Something you know (password, PIN)
Something you have (token, smartcard)
Something you are (fingerprint, retina scan)