Vocabulary Flashcards
Redundancy
Redundancy is the intentional duplication of critical components or functions of a system with the goal of increasing the reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance, such as in the case of GNSS receivers or multi-threaded computer processing.
Defense in Depth
Defense in Depth is the overlapping, mutually reinforced layers of security (controls) that serve to provide protection to an organisation and its assets.
Due Diligence
How we prepare
Due care
How we act
Accountability
The acknowledgment and assumption of responsibility for actions, decisions, and policies, including administration, governance, and implementation within the scope of the role or employment position, and encompassing the obligation to report, explain and be answerable for resulting consequences.
Responsibility
The duty to respond to and complete tasks.
Privacy
Freedom from intrusion by others.
Non-repudiation
General: Assurance that someone cannot deny the validity of something.
Security specific: Assurance that the sender of the information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
Need-to-Know
Focuses on permissions & ability to access information.
Remember:
1. Permissions allow access to objects (access rights)
2. Rights refer to ability to take action
3. Privileges = rights + permissions
Entitlement
Amount of privileges granted to a user.
Aggregation
Amount of privileges that a user “collects” over time.
Least privilege
Permissions + Rights = privilege / Minimum amount of privilege required to perform a task.
Separation of duties & responsibilities
Ensures that no single person has “total control”.
1. Separation of Privileges - applies concept of least privilege to applications & processes.
2. Segregation of Duties - separation of duties + least privilege; designed to guard against excessive access to prevent conflicts of interest.
3. Two-Person Control (rule) - activity requires the approval of 2 people to be carried out.
4. Split-knowledge - separation of duties + 2 person rule
Privilege account management
Ensures that people do not have more privileges than needed & that they do not misuse privileges that they have.
Job Rotation (rotation of duties)
Move people through various jobs/tasks to spread knowledge & responsibility.
1. Mandatory vacations